CVE-2012-3353
HIGHApache Sling JCR ContentLoader < 2.1.6 - Information Disclosure via XmlReader File Import
Title source: llmDescription
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/50994d80dd5cf93f1365dacfcaecf5c12f1efe522c4ff6040b3c521a%40%3Cdev.sling.apache.org%3E
Vendor Advisory x_refsource_confirm
https://issues.apache.org/jira/browse/SLING-2512
Scores
CVSS v3
7.5
EPSS
0.0314
EPSS Percentile
86.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
apache/sling_jcr_contentloader
2.1.4
org.apache.sling/org.apache.sling.jcr.contentloader
0 - 2.1.6Maven
Published
Jan 09, 2018
Tracked Since
Feb 18, 2026