FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 05:42:14 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 1135e939-62b4-11ec-b8e2-1c1b0d9ea7e6
Description: opengrok -- Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok.

Bobby Rauch of Accenture reports:

I ended up finding OpenGrok, and after careful testing, discovered that OpenGrok insecurely deserializes XML input, which can lead to Remote Code Execution. This vulnerability was found in all versions of OpenGrok <1.6.8 and was reported to Oracle. The vulnerability has now been patched in OpenGrok 1.6.9, and has been issued a CVE. (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2322)


Discovery 2021-04-07
Entry 2021-12-21
opengrok <= 1.6.7

CVE-2021-2322
https://www.oracle.com/security-alerts/oracle-open-source-cves-outside-other-oracle-public-documents.html
https://github.com/oracle/opengrok/pull/3528