Back to search
CVE-2012-3353
Published: Jan 8, 2018
Modified: Sep 16, 2024
PUBLISHED
Description
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Sling | affected JCR ContentLoader 2.1.4 |
References
[dev] 20180108 CVE-2012-3353: Apache Sling Content Loading Vulnerability
mailing-list
x_refsource_MLIST
https://issues.apache.org/jira/browse/SLING-2512
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now