First published: Mon Nov 22 2021(Updated: )
OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Open-xchange Ox App Suite | <=7.10.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-33491 is a vulnerability in OX App Suite through 7.10.5 that allows Directory Traversal via ../ in an OOXML or ODF ZIP archive.
CVE-2021-33491 affects OX App Suite through 7.10.5 by allowing Directory Traversal via ../ in an OOXML or ODF ZIP archive.
The severity of CVE-2021-33491 is medium with a severity value of 6.5.
CVE-2021-33491 can be exploited by using ../ in an OOXML or ODF ZIP archive in conjunction with auto-configuration DNS records.
To fix CVE-2021-33491 in OX App Suite, it is recommended to update to a version higher than 7.10.5.