CVE-2021-29447 - log

CVE-2021-29447 edited at 16 Apr 2021 11:26:53
Description
- Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XML external entity injection (XXE) attacks. This requires the WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release.
+ A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XML external entity injection (XXE) attacks. This requires the WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release.
References
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh
+ https://github.com/WordPress/wordpress-develop/commit/c34e753c88caaeefdf12ca45d151d14073e26197
CVE-2021-29447 edited at 16 Apr 2021 11:21:57
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Xml external entity injection
Description
+ Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XML external entity injection (XXE) attacks. This requires the WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release.
References
+ https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh
Notes
CVE-2021-29447 created at 16 Apr 2021 11:20:35