Maven package
info.magnolia/magnolia-core
pkg:maven/info.magnolia/magnolia-core
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-46366 | — | < 6.2.4 | 6.2.4 | Feb 11, 2022 | An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials. | ||
| CVE-2021-46365 | — | < 6.2.4 | 6.2.4 | Feb 11, 2022 | An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file. | ||
| CVE-2021-46364 | — | < 6.2.4 | 6.2.4 | Feb 11, 2022 | A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file. | ||
| CVE-2021-46363 | — | < 6.2.4 | 6.2.4 | Feb 11, 2022 | An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel. | ||
| CVE-2021-46361 | — | < 6.2.12 | 6.2.12 | Feb 11, 2022 | An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload. |
- CVE-2021-46366Feb 11, 2022affected < 6.2.4fixed 6.2.4
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.
- CVE-2021-46365Feb 11, 2022affected < 6.2.4fixed 6.2.4
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.
- CVE-2021-46364Feb 11, 2022affected < 6.2.4fixed 6.2.4
A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.
- CVE-2021-46363Feb 11, 2022affected < 6.2.4fixed 6.2.4
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel.
- CVE-2021-46361Feb 11, 2022affected < 6.2.12fixed 6.2.12
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.