ghsa-8xj5-7228-hcfg
Vulnerability from github
Published
2022-05-24 17:49
Modified
2022-05-24 17:49
Details

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2021-25631"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-03T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn\u0027t match the denylist but results in ShellExecute attempting to launch an executable type.",
  "id": "GHSA-8xj5-7228-hcfg",
  "modified": "2022-05-24T17:49:24Z",
  "published": "2022-05-24T17:49:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25631"
    },
    {
      "type": "WEB",
      "url": "https://positive.security/blog/url-open-rce#open-libreoffice"
    },
    {
      "type": "WEB",
      "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.