CVE-2022-29851

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-29851

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29851.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-29851

Published

2022-10-25T17:15:51.937Z

Modified

2026-02-22T01:33:02.562173Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document.

References

https://packetstormsecurity.com/files/168242/OX-App-Suite-Cross-Site-Scripting-Command-Injection.html

Affected packages

Git / github.com/open-xchange/appsuite-frontend

Affected ranges

Type: GIT
Repo: https://github.com/open-xchange/appsuite-frontend
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

489e7d0bf2bb0dc4c984860c4ce6f4d772086875

Affected versions

7.*

7.0.0-10

7.0.0-11

7.0.0-12

7.0.0-8

7.0.0-9

7.0.1-1

7.0.1-2

7.0.1-3

7.0.1-4

7.0.1-5

7.0.1-6

7.10.0-0

7.10.0-10

7.10.0-2

7.10.0-3

7.10.0-4

7.10.0-5

7.10.0-6

7.10.0-7

7.10.0-8

7.10.0-9

7.10.1-1

7.10.1-2

7.10.1-3

7.10.1-4

7.10.2-1

7.10.2-2

7.10.2-3

7.10.3-0

7.10.3-1

7.10.3-2

7.10.3-3

7.10.4-0

7.10.4-1

7.10.4-2

7.10.4-3

7.10.4-4

7.10.4-5

7.10.4-6

7.10.5-0

7.10.5-1

7.10.5-2

7.10.5-3

7.10.5-4

7.10.5-5

7.10.6-0

7.2.0-1

7.2.0-2

7.2.0-3

7.2.0-4

7.2.0-5

7.2.0-6

7.2.1-1

7.2.1-2

7.2.1-3

7.2.1-4

7.2.1-5

7.2.1-6

7.2.2-1

7.2.2-11

7.2.2-12

7.2.2-13

7.2.2-14

7.2.2-15

7.2.2-16

7.2.2-17

7.2.2-18

7.2.2-19

7.2.2-2

7.2.2-20

7.2.2-3

7.2.2-4

7.2.2-5

7.2.2-6

7.2.2-7

7.2.2-8

7.2.2-9

7.4.0-1

7.4.0-10

7.4.0-11

7.4.0-12

7.4.0-13

7.4.0-14

7.4.0-15

7.4.0-16

7.4.0-17

7.4.0-18

7.4.0-19

7.4.0-2

7.4.0-3

7.4.0-4

7.4.0-5

7.4.0-6

7.4.0-7

7.4.0-8

7.4.0-9

7.4.1-1

7.4.1-10

7.4.1-11

7.4.1-2

7.4.1-3

7.4.1-4

7.4.1-5

7.4.1-6

7.4.1-7

7.4.1-8

7.4.1-9

7.4.2-1

7.4.2-10

7.4.2-11

7.4.2-12

7.4.2-13

7.4.2-14

7.4.2-15

7.4.2-16

7.4.2-17

7.4.2-18

7.4.2-19

7.4.2-2

7.4.2-20

7.4.2-21

7.4.2-22

7.4.2-23

7.4.2-24

7.4.2-25

7.4.2-26

7.4.2-27

7.4.2-28

7.4.2-29

7.4.2-3

7.4.2-4

7.4.2-5

7.4.2-6

7.4.2-7

7.4.2-8

7.4.2-9

7.6.0-1

7.6.0-10

7.6.0-11

7.6.0-12

7.6.0-13

7.6.0-14

7.6.0-15

7.6.0-16

7.6.0-17

7.6.0-2

7.6.0-3

7.6.0-4

7.6.0-5

7.6.0-6

7.6.0-7

7.6.0-8

7.6.0-9

7.6.1-1

7.6.1-10

7.6.1-11

7.6.1-12

7.6.1-13

7.6.1-14

7.6.1-15

7.6.1-16

7.6.1-17

7.6.1-18

7.6.1-19

7.6.1-2

7.6.1-20

7.6.1-21

7.6.1-22

7.6.1-23

7.6.1-24

7.6.1-25

7.6.1-26

7.6.1-3

7.6.1-4

7.6.1-5

7.6.1-6

7.6.1-7

7.6.1-8

7.6.1-9

7.6.2-1

7.6.2-10

7.6.2-11

7.6.2-12

7.6.2-13

7.6.2-14

7.6.2-15

7.6.2-16

7.6.2-17

7.6.2-18

7.6.2-19

7.6.2-2

7.6.2-20

7.6.2-21

7.6.2-22

7.6.2-23

7.6.2-24

7.6.2-25

7.6.2-26

7.6.2-27

7.6.2-28

7.6.2-29

7.6.2-3

7.6.2-4

7.6.2-5

7.6.2-6

7.6.2-7

7.6.2-8

7.6.2-9

7.8.0-1

7.8.0-2

7.8.0-3

7.8.0-4

7.8.0-5

7.8.0-6

7.8.0-7

7.8.0-8

7.8.0-9

7.8.1-1

7.8.1-2

7.8.1-3

7.8.1-4

7.8.1-5

7.8.1-6

7.8.1-7

7.8.2-1

7.8.2-2

7.8.2-3

7.8.2-4

7.8.3-1

7.8.3-2

7.8.3-3

7.8.3-4

7.8.3-5

7.8.4-1

7.8.4-2

7.8.4-3

Other

Test

as-next

sprint_20

sprintreview_2013_07_12

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29851.json"