High severity · 8.8 · NVD Advisory · Published Jan 12, 2022 · Updated Jun 17, 2026
CVE-2021-42560
Description
An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, Out of Band Exfiltration, etc.).
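One way to handle a base64-encoded SVG parameter defensively, as an added example (not CALDERA's code or its fix): decode strictly, then parse with expat handlers that abort on any DOCTYPE or entity construct. The function name, the error class and both sample inputs are constructed for illustration, and the example assumes that chart SVGs never need a DTD.

```python
import base64
import binascii
from xml.parsers import expat


class UnsafeSvgError(ValueError):
    """The submitted SVG is malformed or carries DTD/entity constructs."""


def _reject(reason):
    # Build an expat handler that aborts parsing as soon as it fires.
    def handler(*_args):
        raise UnsafeSvgError(reason)
    return handler


def decode_svg_param(b64_svg):
    """Return the decoded SVG bytes only if they parse with no DTD at all."""
    try:
        raw = base64.b64decode(b64_svg, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise UnsafeSvgError("parameter is not valid base64") from exc

    roots = []
    parser = expat.ParserCreate()
    # Assumption: no legitimate chart SVG needs a DOCTYPE, so refuse it
    # outright; that rules out internal, external and parameter entities.
    parser.StartDoctypeDeclHandler = _reject("DOCTYPE not accepted")
    parser.EntityDeclHandler = _reject("entity declaration not accepted")
    parser.ExternalEntityRefHandler = _reject("external entity not accepted")
    parser.StartElementHandler = lambda name, _attrs: roots.append(name)
    try:
        parser.Parse(raw, True)
    except expat.ExpatError as exc:
        raise UnsafeSvgError(f"malformed XML: {exc}") from exc
    if not roots or roots[0].rsplit(":", 1)[-1] != "svg":
        raise UnsafeSvgError("root element is not <svg>")
    return raw


# Constructed sample inputs (not taken from the advisory).
BENIGN = base64.b64encode(
    b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="4" height="4"/></svg>')
WITH_DTD = base64.b64encode(
    b'<!DOCTYPE svg [<!ENTITY e "constructed">]><svg>&e;</svg>')
```

Only the bytes returned by `decode_svg_param` should be handed to the PDF renderer; a rejected parameter is worth logging, since ordinary chart output has no reason to contain a DOCTYPE.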
Affected products (2)
- CALDERA/CALDERA (description)
References (2)
- github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42560-Unsafe%20XML%20Parsing-MITRE%20Caldera (nvd: Exploit, Third Party Advisory)
- github.com/mitre/caldera/releases (nvd: Release Notes, Third Party Advisory)