High severity7.5NVD Advisory· Published Jan 9, 2018· Updated Jun 16, 2026
CVE-2012-3353
CVE-2012-3353
Description
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.sling:org.apache.sling.jcr.contentloaderMaven | < 2.1.6 | 2.1.6 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-wjp3-4xcq-598pghsaADVISORY
- issues.apache.org/jira/browse/SLING-2512nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2012-3353ghsaADVISORY
- lists.apache.org/thread/owd2xw86l19dh1f1zlhq41l7wlnd16skghsaWEB
- lists.apache.org/thread.html/50994d80dd5cf93f1365dacfcaecf5c12f1efe522c4ff6040b3c521a%40%3Cdev.sling.apache.org%3Envd
News mentions
0No linked articles in our index yet.