VYPR
High severity8.8NVD Advisory· Published Jan 12, 2022· Updated Jun 17, 2026

CVE-2021-42560

CVE-2021-42560

Description

An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, Out of Band Exfiltration, etc.).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • CALDERA/CALDERAdescription
  • Mitre/Calderallm-fuzzy
    Range: = 2.9.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.