CVE-2012-3353

HIGH

Apache Sling JCR ContentLoader < 2.1.6 - Information Disclosure via XmlReader File Import

Title source: llm
STIX 2.1

Description

The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.0314
EPSS Percentile 86.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
apache/sling_jcr_contentloader 2.1.4
org.apache.sling/org.apache.sling.jcr.contentloader 0 - 2.1.6Maven
Published Jan 09, 2018
Tracked Since Feb 18, 2026