Collabora Online up to 4.2.17/6.4.9-4 Online Editor resource injection

Summaryinfo

A vulnerability, which was classified as critical, has been found in Collabora Online up to 4.2.17/6.4.9-4. Affected by this vulnerability is an unknown functionality of the component Online Editor. Performing a manipulation results in resource injection. This vulnerability is known as CVE-2021-32744. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, was found in Collabora Online up to 4.2.17/6.4.9-4. This affects an unknown functionality of the component Online Editor. The manipulation with an unknown input leads to a resource injection vulnerability. CWE is classifying the issue as CWE-99. The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was published 07/22/2021. It is possible to read the advisory at github.com. This vulnerability is uniquely identified as CVE-2021-32744. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 4.2.17-1 or 6.4.9-5 eliminates this vulnerability.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Name

• Collabora Online

Version

• 4.2.0
• 4.2.1
• 4.2.2
• 4.2.3
• 4.2.4
• 4.2.5
• 4.2.6
• 4.2.7
• 4.2.8
• 4.2.9
• 4.2.10
• 4.2.11
• 4.2.12
• 4.2.13
• 4.2.14
• 4.2.15
• 4.2.16
• 4.2.17
• 6.4.9-4

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion