CVE-2021-41792
21.10.2021, 09:15
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF.
| Vendor | Product | Version |
|---|---|---|
| alfresco | alfresco_content_services | 5.0.0.0 ≤ 𝑥 ≤ 5.2.7.11 |
| alfresco | alfresco_content_services | 6.0.0.0 ≤ 𝑥 ≤ 6.0.1.9 |
| alfresco | alfresco_content_services | 6.1.1.0 ≤ 𝑥 ≤ 6.1.1.10 |
| alfresco | alfresco_content_services | 6.2.0.0 ≤ 𝑥 ≤ 6.2.2.18 |
| alfresco | alfresco_transform_services | 𝑥 ≤ 1.3 |
𝑥
= Vulnerable software versions