Headline

CVE-2023-48314: Unescaped passing of the request URL

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability.

11 months ago

CVE

Open in Source

#vulnerability #git #php

- Actions
  
  Automate any workflow
- Packages
  
  Host and manage packages
- Security
  
  Find and fix vulnerabilities
- Codespaces
  
  Instant dev environments
- Copilot
  
  Write better code with AI
- Code review
  
  Manage code changes
- Issues
  
  Plan and track work
- Discussions
  
  Collaborate outside of code

- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles

Pricing

Additional navigation options

Package

No package listed

Affected versions

<23.5.403

Patched versions

23.5.403

Description

Impact

Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php.

Patches

The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403.

Workarounds

None, except removing Collabora Online - Built-in CODE Server (richdocumentscode) app.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

11 months ago

11 months ago

11 months ago

11 months ago

11 months ago