VDB

GCVE-110-MAGEIA-2017-403

GCVE-110-MAGEIA-2017-403
Advisory Published
Vulnetix · Advisory published November 6, 2017
It was found that the CoreParser class in Lucene accepts doctype declaration and expands external entities. An attacker could use this flaw to bypass security restrictions and access sensitive data (CVE-2017-12629).

Affected Products

VendorProductVersionsPlatforms
Mageialucene0 (affected), 5.5.0-4.1.mga6 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›