CVE-2012-3353: Infoleak
First published: Tue Jan 09 2018(Updated: )
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader
Credit: security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.apache.sling:org.apache.sling.jcr.contentloader | <2.1.6 | 2.1.6 |
| Apache Sling JCR ContentLoader | =2.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-cve
- collector/nvd-index
- collector/github-advisory
- alias/GHSA-wjp3-4xcq-598p
- alias/CVE-2012-3353
- collector/github-advisory-latest
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/apache
- canonical/apache sling jcr contentloader
- version/apache sling jcr contentloader/2.1.4
- package-manager/maven