CVE-2021-41792

Published
View on NVD ↗
CVSS v3
5.3
MEDIUM
CVSS v2
5
MEDIUM
Affected
1
PROJECT

Description

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF.

Alfresco/acs-packaging
Alfresco/acs-packaging
Packaging of Docker containers, war file and zip for Alfresco Content Services (Enterprise)
GitHubGitHub
28