CVE-2023-36470
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-36470
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-36470.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-36470
- Aliases
- Published
- 2023-06-29T20:31:54.366Z
- Modified
- 2025-12-07T04:07:43.250960Z
- Severity
-
- 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Code injection in icon themes of XWiki Platform
- Details
-
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new or editing an existing document with an icon set, an attacker can inject XWiki syntax and Velocity code that is executed with programming rights and thus allows remote code execution. There are different attack vectors, the simplest is the Velocity code in the icon set's HTML or XWiki syntax definition. The icon picker can be used to trigger the rendering of any icon set. The XWiki syntax variant of the icon set is also used without any escaping in some documents, allowing to inject XWiki syntax including script macros into a document that might have programming right, for this the currently used icon theme needs to be edited. Further, the HTML output of the icon set is output as JSON in the icon picker and this JSON is interpreted as XWiki syntax, allowing again the injection of script macros into a document with programming right and thus allowing remote code execution. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This issue has been patched in XWiki 14.10.6 and 15.1. Icon themes now require script right and the code in the icon theme is executed within the context of the icon theme, preventing any rights escalation. A macro for displaying icons has been introduced to avoid injecting the raw wiki syntax of an icon set into another document. Users are advised to upgrade. There are no known workarounds for this vulnerability.
- Database specific
{ "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/36xxx/CVE-2023-36470.json", "cwe_ids": [ "CWE-74" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/36xxx/CVE-2023-36470.json
- https://github.com/xwiki/xwiki-platform/commit/46b542854978e9caa687a5c2b8817b8b17877d94
- https://github.com/xwiki/xwiki-platform/commit/79418dd92ca11941b46987ef881bf50424898ff4
- https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fm68-j7ww-h9xf
- https://jira.xwiki.org/browse/XWIKI-20524
- https://nvd.nist.gov/vuln/detail/CVE-2023-36470
Affected packages
Git / github.com/xwiki/xwiki-commons
Git / github.com/xwiki/xwiki-platform
Affected ranges
- Type
- GIT
- Repo
- https://github.com/xwiki/xwiki-platform
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
Affected versions
xwiki-application-calendar-1.*
xwiki-application-calendar-1.0
xwiki-platform-7.*
xwiki-platform-7.3-milestone-2
xwiki-platform-7.4-milestone-1
xwiki-platform-7.4-milestone-2
xwiki-platform-8.*
xwiki-platform-8.0-milestone-1
xwiki-platform-8.0-milestone-2
xwiki-platform-8.1-milestone-1
xwiki-platform-8.1-milestone-2
xwiki-platform-8.2-milestone-1
xwiki-platform-8.2-milestone-2
xwiki-platform-8.3-milestone-1
xwiki-platform-9.*
xwiki-platform-9.9-rc-2
xwiki-plugin-tag-1.*
xwiki-plugin-tag-1.1
Database specific
vanir_signatures
[
{
"id": "CVE-2023-36470-05a32fdd",
"signature_version": "v1",
"digest": {
"length": 457.0,
"function_hash": "167362306348135671665471178143531654629"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/main/java/org/xwiki/icon/internal/DefaultIconRenderer.java",
"function": "render"
}
},
{
"id": "CVE-2023-36470-11cdc4c5",
"signature_version": "v1",
"digest": {
"length": 606.0,
"function_hash": "97482238270114087103089760096511428696"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/DefaultIconRendererTest.java",
"function": "render"
}
},
{
"id": "CVE-2023-36470-1404b7b6",
"signature_version": "v1",
"digest": {
"length": 153.0,
"function_hash": "244834841169735561414933014385068961062"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/VelocityRendererTest.java",
"function": "answer"
}
},
{
"id": "CVE-2023-36470-1982f835",
"signature_version": "v1",
"digest": {
"length": 95.0,
"function_hash": "337266517079331766163658824273480111348"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/VelocityRendererTest.java",
"function": "setUp"
}
},
{
"id": "CVE-2023-36470-241d9ad3",
"signature_version": "v1",
"digest": {
"line_hashes": [
"67565557627700931319228199702068503895",
"102984076788077792782370446247163018866",
"218964277863180905875782831767044594444",
"255325792764462768244064157664959706557",
"281672148073579728126160439180016115884",
"251685745378815514998577446902271292573",
"179348653741924404960218686654753005094",
"129279360994354527103964097920521079058",
"148393544456484234416988546984811695820",
"334184386895788389479022643325466803642",
"104496756352486077713390387785888925900",
"208342967799857750322793956743484688119",
"231005074527838624014931665711670087093",
"104738038848529217939404788543090788174",
"187747382649270175472320836876916228000",
"330713664893766228245058900886399418185",
"195195366465677549182838603185185637872",
"30079130123443132393567451961674218688",
"187914918929941156112000757286337158269",
"92389117636162400394182743585721169240",
"326944445460734839914372661613371868607"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/main/java/org/xwiki/icon/internal/DefaultIconSetLoader.java"
}
},
{
"id": "CVE-2023-36470-24d311a7",
"signature_version": "v1",
"digest": {
"length": 376.0,
"function_hash": "103383763363025819950474057596170166316"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/main/java/org/xwiki/icon/internal/DefaultIconRenderer.java",
"function": "use"
}
},
{
"id": "CVE-2023-36470-26c69a40",
"signature_version": "v1",
"digest": {
"length": 709.0,
"function_hash": "294002460542796823325950598208654778809"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/main/java/org/xwiki/icon/internal/VelocityRenderer.java",
"function": "render"
}
},
{
"id": "CVE-2023-36470-2c1eec71",
"signature_version": "v1",
"digest": {
"line_hashes": [
"186257886105921465609961596766118795300",
"139468760374028263485783003857557406464",
"112373828094860435265442109265264482625",
"146597123566675978231324734126329141292",
"259475448993999329057619070662390118153",
"97970417009954173018239285044410082876",
"133606496443074809571464057606767679373",
"144905341468615933360973793916942193626",
"105559802686021836889246234123351026665",
"125343193288597049390395221357884331392",
"230867536206621499467341548929090653102",
"203679375360292437674541062547151746459",
"99026475264615959888631160073385941884",
"120233545785219953604249650514000990465",
"271592891843870900904336548306590462295",
"69669472497157927656661161062958484577",
"150433445100291173973268057411775310339",
"117087155363705637924915199155327030599",
"153885407916756547017568743525300856585",
"184240293772775492285718528050801700948",
"289050795764539028488064289187579087304",
"119259242082734671808718954609376667703",
"37375832830127780918741679491336021122",
"71227747639313315760167445830041107359"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/main/java/org/xwiki/icon/internal/DefaultIconRenderer.java"
}
},
{
"id": "CVE-2023-36470-3d7de26c",
"signature_version": "v1",
"digest": {
"length": 474.0,
"function_hash": "102276309859725490829606383330481707571"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/DefaultIconSetLoaderTest.java",
"function": "loadIconSetWithException"
}
},
{
"id": "CVE-2023-36470-3ed0e9ac",
"signature_version": "v1",
"digest": {
"line_hashes": [
"33685260677850070333399814903615186429",
"123670860198531047804063892044240395509",
"214237272943969018425102057834421682742",
"105784309509016122854397709650390102781",
"139387483396833441521896498246038263252",
"306860258800819209345026815855391080618",
"74364373039251106110761614959734053343",
"326436653191459381459690772875657434611"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-rendering/xwiki-platform-rendering-xwiki/src/test/java/org/xwiki/rendering/script/RenderingScriptServiceTest.java"
}
},
{
"id": "CVE-2023-36470-478f31d6",
"signature_version": "v1",
"digest": {
"length": 644.0,
"function_hash": "286284374101782040912413866570687061235"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/DefaultIconRendererTest.java",
"function": "renderWithCSS"
}
},
{
"id": "CVE-2023-36470-5e3488f6",
"signature_version": "v1",
"digest": {
"length": 789.0,
"function_hash": "70340064962120365041964663244167492196"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/VelocityRendererTest.java",
"function": "renderTest"
}
},
{
"id": "CVE-2023-36470-79bbe6d5",
"signature_version": "v1",
"digest": {
"length": 115.0,
"function_hash": "190295472167338414654205969289925550230"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/DefaultIconSetLoaderTest.java",
"function": "setUp"
}
},
{
"id": "CVE-2023-36470-953e4fc5",
"signature_version": "v1",
"digest": {
"length": 710.0,
"function_hash": "281410439375850729444933663625753814701"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/VelocityRendererTest.java",
"function": "renderWhenEvaluateReturnsFalse"
}
},
{
"id": "CVE-2023-36470-972c2baa",
"signature_version": "v1",
"digest": {
"length": 454.0,
"function_hash": "155223453898466444447458072301571237496"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/DefaultIconSetLoaderTest.java",
"function": "loadIconSetFromWikiDocumentWithException"
}
},
{
"id": "CVE-2023-36470-98015481",
"signature_version": "v1",
"digest": {
"line_hashes": [
"108738611910678758111537338281372079011",
"221624936547605104227952263841405386255",
"33977034592649684060272665255728904967",
"165144531513986220896745143083316767788",
"249342552812747742316725212642830826736",
"162512055982551606276086881299026403190",
"216562146874640400460183933490482372794",
"294929482346962534283399051375605999621",
"296443182975759111226471608742734734267",
"61054469069565289054665910772560138849",
"294735404397108524725704617372375661603",
"171266838345744622300115436486619484987",
"132948031446729690020677691695148902939",
"252032147907490673288270587013258006226",
"293810700328229211246102467954722395349",
"74290687273821017649348833554771578273",
"337658026094407268726461792352206388013",
"80358629296050429579348579092124479304",
"797866898877293196650509104305972471",
"108625188472984636751606576399834650077",
"115833332767376644681372461231557622926",
"118931906854021452592301432899324168878",
"207873988002434144204208216343036085954",
"202584809444324364360911147989491975972",
"254821005650451852520606435953436797022",
"251239674345814764202422174996868268409",
"160212957160613940221030345986448128937",
"81705407821086722947955685904025553073",
"45669203088458286483712704593657192369",
"6448902740635849345464506197789118761",
"15641995570274199624170187557922791843",
"274319311890237287559949108829238610448",
"313111391530559657579852521400086526749",
"325788153788404157234857809917017912968",
"325336748140608647505659432073450483916",
"252587606067350900371571882658025209911",
"208269031523186160932271542346574590220",
"291849537926416284886275612203478100930",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/main/java/org/xwiki/icon/internal/VelocityRenderer.java"
}
},
{
"id": "CVE-2023-36470-a4329110",
"signature_version": "v1",
"digest": {
"length": 866.0,
"function_hash": "329178531347279818962095115181884363010"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-rest/xwiki-platform-icon-rest-default/src/test/java/org/xwiki/icon/internal/DefaultIconThemesResourceTest.java",
"function": "getIconsIconManagerException"
}
},
{
"id": "CVE-2023-36470-ad1ff1a0",
"signature_version": "v1",
"digest": {
"length": 374.0,
"function_hash": "212622519290502770801948560799068724794"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/VelocityRendererTest.java",
"function": "renderWithException"
}
},
{
"id": "CVE-2023-36470-b0ca02c5",
"signature_version": "v1",
"digest": {
"length": 236.0,
"function_hash": "26855377490642785531314238077087243585"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/main/java/org/xwiki/icon/internal/DefaultIconRenderer.java",
"function": "activeCSS"
}
},
{
"id": "CVE-2023-36470-b4e2b7e0",
"signature_version": "v1",
"digest": {
"length": 654.0,
"function_hash": "120993837924718924966488115955106462809"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/DefaultIconRendererTest.java",
"function": "renderHTMLWithCSS"
}
},
{
"id": "CVE-2023-36470-b4f85c91",
"signature_version": "v1",
"digest": {
"length": 84.0,
"function_hash": "203844044787595970245504793749083586091"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/main/java/org/xwiki/icon/internal/DefaultIconRenderer.java",
"function": "activeJSX"
}
},
{
"id": "CVE-2023-36470-bbc69b87",
"signature_version": "v1",
"digest": {
"length": 474.0,
"function_hash": "135008203413422514926709030187072464"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/main/java/org/xwiki/icon/internal/DefaultIconSetLoader.java",
"function": "loadIconSet"
}
},
{
"id": "CVE-2023-36470-bdb24dee",
"signature_version": "v1",
"digest": {
"length": 432.0,
"function_hash": "259303389468083204480603995620573092579"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/DefaultIconRendererTest.java",
"function": "renderHTML"
}
},
{
"id": "CVE-2023-36470-be6bd85e",
"signature_version": "v1",
"digest": {
"length": 444.0,
"function_hash": "83246499104815639892527676552548932873"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/DefaultIconRendererTest.java",
"function": "renderWithException"
}
},
{
"id": "CVE-2023-36470-c7cdf5c0",
"signature_version": "v1",
"digest": {
"line_hashes": [
"237393447335847487204927714246557000966",
"173862205205381332092297619573661824990",
"47064045636163589897499611970842528437",
"166668652556785557941879370805903060957"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-rest/xwiki-platform-icon-rest-default/src/test/java/org/xwiki/icon/internal/DefaultIconThemesResourceTest.java"
}
},
{
"id": "CVE-2023-36470-c8e65fdd",
"signature_version": "v1",
"digest": {
"length": 246.0,
"function_hash": "183129457557315886379864069111552303008"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/DefaultIconSetLoaderTest.java",
"function": "loadIconSet"
}
},
{
"id": "CVE-2023-36470-cdf45dac",
"signature_version": "v1",
"digest": {
"length": 734.0,
"function_hash": "318885475359250766967284981702448598767"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/DefaultIconSetLoaderTest.java",
"function": "loadIconSetFromWikiDocument"
}
},
{
"id": "CVE-2023-36470-ce58604b",
"signature_version": "v1",
"digest": {
"length": 86.0,
"function_hash": "220899251335035183190622370947764694248"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/main/java/org/xwiki/icon/internal/DefaultIconRenderer.java",
"function": "activeSSX"
}
},
{
"id": "CVE-2023-36470-d667b091",
"signature_version": "v1",
"digest": {
"line_hashes": [
"145464214587563524171426626519679311892",
"89623444479823822254177665001654473930",
"282241890043480848861773406111214411399",
"118523274149810776688638351509372205608",
"210796141075080754920562523681483064713",
"47716524359621369367123033394858408735",
"41434161359010349772524000039775676991",
"234676002825232882151377210770829652292",
"156254165669041495033746876102506487404",
"135848122679204205839860372868018422006",
"318908459016507843521628701561710287192",
"214762571048199052266028973209796071684",
"177536925284024579032684691027716447356",
"246664931803831466817669944234750803130",
"16440006600108845841779803802954560093",
"33321174043249903506919944934823258024",
"198887187794249589341410980262503115967",
"25757872282188661041839620028915285838",
"122064718394988455366800237944301768645",
"161754206596111572628652626874005483069",
"220809128566993099113668276955249924908",
"182473820597776269978021397002656500481",
"321383127403437247128882773196214067611",
"280668490039721225841722524302465782721",
"282118775004821563730659120351478006514",
"42182173149027336033724628704138231979",
"83328049848197040645831414870056420876",
"35476690641084653296287587734300187008",
"15136118611796208204539587487711436265",
"250344883881715470873571383966501339566",
"198424864568498951121995637816936953047",
"54978304795220021314113254036378280876",
"138004054475981371758833544026691777100",
"151361984606504914285711372679650313230",
"60043181745902932198394584151479368505"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/main/java/org/xwiki/icon/internal/DefaultIconSetManager.java"
}
},
{
"id": "CVE-2023-36470-dc40ca88",
"signature_version": "v1",
"digest": {
"line_hashes": [
"30576918382571963830229095977499524098",
"312269859637585696593759985122697587382",
"322540056360012579836002844305314255981",
"204063042478541680066769828259366776944",
"251597688942397798268804977785824143606",
"200518712878754524048043543788031298322",
"224766290158586798287126914570951638421",
"8196427614732457795538363817552457015",
"197966530045828850370921896118076789075",
"335591987792948281899890881148844267090",
"6087375694854643994638264223542976285",
"167063837693407771102498850190440734658",
"72936634736463236118907572067473317930",
"213912800661618832910835946379945710715",
"305527326240095256169823595326999622143",
"301754947803591789705693240206868623388",
"193863339280830290740218585423292517701",
"317844140753318475890505806452125159482",
"18967456857337440842104780593390099518",
"197271799645937272540923005506941775168",
"332622468063648687991474683074812414275",
"306713223649719378289232059425605954317",
"116065028348971185904935739100132417656",
"7930421488937791892301063289494481108",
"60483529170276289699454364962720648012"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/DefaultIconRendererTest.java"
}
},
{
"id": "CVE-2023-36470-e15a5176",
"signature_version": "v1",
"digest": {
"line_hashes": [
"96690812446091339856656471857597821134",
"335874827072146337420830158590572204840",
"339000298603414396751988950145560368333",
"318496629753024952972179588931282451156",
"112899936648506404315923173330305383788",
"280462942225917422670186474350750815924",
"117879382830857409886933442104205127289",
"252875466500864464521566321900293167438",
"168074424062572117827069704714427871027",
"263145974067752234610029089581572762734",
"280335006369351119505050881726117557761",
"315450827249570592065644203015520337753",
"208599258530884048506356133061863533435",
"231874719638575563023889309022847836301",
"36306805027669845309908568775714032795",
"111673430135588497563413423890805394189",
"35568124635204987056680169008288346393",
"57574151531087889962534711921397658723",
"248585046748960618112667909607551666349",
"201571600781246330720947636373985865366",
"285254002427107357793445905042714409435",
"153485535893426643763410465301781902802",
"259361805894148267697673970605270212970",
"253117620791626268312315050266296409591",
"142937389810574169025569164008165461820",
"25981167892543161926198272183417318035",
"11703755600359919290085960152080619374",
"218497183062740024092396281088676571842",
"191426642186971358190549067864045563928",
"215647769807706837761061601066482049918",
"184164382501220463344864099057924916972",
"91219122031793053717499861606947574209",
"224213926453000652841595940075174833583",
"26997630767991193738080815287163563646",
"168378230354428342702688751613298001187"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-rendering/xwiki-platform-rendering-xwiki/src/main/java/org/xwiki/rendering/script/RenderingScriptService.java"
}
},
{
"id": "CVE-2023-36470-e208063a",
"signature_version": "v1",
"digest": {
"line_hashes": [
"211158542113375481110727372067863135314",
"130599293719346514739688730330189867169",
"188813703809249892206883481246713784953",
"179922331306168593056232028339263086184",
"14678445647234583499537720731304526283",
"266327346398379888476719160279730584851",
"129376217015437656408283942362242080150",
"315830315562636633600160470007313012003",
"119967250458120485123076990488900347660",
"177328091334745574289971136321556843533",
"82024671910938414704304822380454489907",
"308423107115460905053613977459743676507",
"132426658199235778085679212435919208817",
"76607500846694852046093081196345678863",
"282428326106031468307600538784041527541",
"126737378997457359139087944659277048173",
"45699621699278768409644920769232346180",
"235577614361481394271673694746713117161",
"209847125475606158141358029563758050862",
"128828639124241604308954936925324807957",
"98054296929275487606132897993820746838",
"203555970910407852118722091887471897491",
"152394603578655913363220990305869543914",
"3527949497153392186689066981067331841",
"238859618644603946511984559711003718162",
"301671468773514852820307049771810850781",
"315452809724216153239640430466862377627",
"144774033380150334542002672371008277016",
"206279161045178860741753337029703457630",
"61421059264289658686875917412048893402",
"306485873171453058947943751315688201827",
"7183830391915741266590235579565626137",
"338482216160174938911216025411441198992",
"178598913642392041731895715141463616634",
"173494443270175307457028784735584743629",
"202379997326352987508264873991975796524",
"146667200644025606455829512324541099221",
"292121802995190270823054041517847155322",
"29229685354903024059394740288736497899",
"241968071933964375488343619480447240613",
"262880649771108072075891843893363844701",
"282253738453546037045212048734362327094",
"54434351741274519366174658750248437901",
"33494272432451521971941403309521064136",
"45322677844331077936925808193186082358",
"121080620950072108031073095692861149591",
"63162933369308239614083894555253133555",
"179483181696101369157474268815122647955",
"172855891843826655579849856870569660837",
"103434102998197940724407261660629760240",
"9993185289735005762473148100893269598",
"123163266279001453355821207979024451316",
"69383943864544471055454984767648579785",
"186674423103814571010453153348610636687",
"197109209444237398766596358409636085338",
"39621279458754060544519655499984371082",
"303821861175476878828825637815815285182",
"194729564453109444770553302982452892821",
"256511423561500492476005062416861685286",
"270273961383776642418188618523854461709",
"35984958886532018626352227675437236034",
"320281089815824262043181050803337195407",
"69091488806881486828329450299012983914",
"239814790395071902354262403008531048002",
"47127550471288068204607531905648287691",
"248642044170098773602426217774074376093",
"325427256418181669535161234892471023306",
"78109672075240834086072022418320782817",
"54845470225655733231155826216122981492",
"71459772199051927073413188092266617630",
"243045202816028015343189555751245971651",
"39621279458754060544519655499984371082",
"303821861175476878828825637815815285182",
"194729564453109444770553302982452892821",
"103805161142909142071193277121691520258",
"50143605146981450096354116684689098255",
"123365743435704215956968809450593773254"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/DefaultIconSetLoaderTest.java"
}
},
{
"id": "CVE-2023-36470-e7225ba6",
"signature_version": "v1",
"digest": {
"line_hashes": [
"236928848963099058166833612312561018934",
"120802663149481107009396041066067327152"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-api/src/main/java/org/xwiki/icon/IconException.java"
}
},
{
"id": "CVE-2023-36470-e98981d7",
"signature_version": "v1",
"digest": {
"length": 901.0,
"function_hash": "196023620501411330272750317238999479620"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/main/java/org/xwiki/icon/internal/DefaultIconSetManager.java",
"function": "getIconSet"
}
},
{
"id": "CVE-2023-36470-ec497285",
"signature_version": "v1",
"digest": {
"line_hashes": [
"47583762062553743515792762667920106767",
"203060760975751620012110310395925713925",
"29166595586466143103290196561440396701",
"232818223395689470808586369942656888870",
"1309392453347303137534787259572628085",
"153436398388917634990831282276758814605",
"187752385065046682269065236476440180379",
"205775344043148942470550931084628024904",
"44075152038947740914178107884748118650",
"327165900178270848674473696945860471798",
"61537249934596584109812073954892198142",
"484283611899902708905911883326303725",
"51363734642771856416917991965760747538",
"201420541890806748796537672046349922755",
"272066079620147422531136348093232054019",
"26601917603189795462872632703316836597",
"250180496137074024504837494382553013432",
"307350852549596735308264438305448951197",
"252863084734793116189515014248231023770",
"34589815753410107818930711916879500759",
"186109735369133449235755459826816449054",
"324715300440100982128003324508679143380",
"146434968596548069201309197217190006379",
"262756610751541729305193554208824913179",
"179605799680808009595587151682223964748",
"250765960627504162926494928449144647490",
"157227629565539358415228057132385281489",
"192863654259262409969864728086140816174",
"158829087818798488892509252050027247123",
"302765466643995386986422695224786096692",
"257358414922649087894101362160825386201",
"286432562979915544429734044518601363097",
"280502722573347884425798524286900892378",
"328763015085373513808497787352099091394",
"258594572335800821148061865961055950531",
"58937985375866078715111589823785921627",
"79039670491061128657272426550555996116",
"212961328473754422340705901706482610719",
"193619107450926165811910963919631512387",
"8379590505717664852356424050796215821",
"238052066815752301958261322429244846933",
"215709952029037381212296719279831772964",
"48425340877146816828348494610561610073",
"186124625001613883501710011484041990710",
"135288289872642586703049897552015787202",
"48573548698879560651778013222928294508",
"25997969298049612925398642640147922119",
"220220947250717127781666171830343242857",
"44169084458251735576773413017502353340",
"179209148430151205533322404769641630463",
"195591775495898064395925349627075860826",
"237316637762058587230118982100257975739",
"70386169788011349011639261677476215111",
"106204619433042024500725818840397659515",
"145435376898612527603504793906014198839",
"54488193911535700678684446993015651937",
"23119393720216480399528648918191996311",
"26300718587436467204906828001080566610",
"275158909050259905391069653160268195925",
"63070623403452020338791057686340691215",
"138344095575444695857354078042604242880",
"92560043452840884382997121724699060414",
"21133393769305604301014180049701458979",
"275848413828005474473922107761172937186",
"324546494652047436171064011017297683623",
"232846281258360804055905818768896984075",
"106204619433042024500725818840397659515",
"145435376898612527603504793906014198839",
"54488193911535700678684446993015651937",
"23119393720216480399528648918191996311",
"259460032646307928465835147308958071648",
"213853047008405747857829669225736398153",
"115632643034891156580423747450386410787",
"228090489212725802532209265801993526111",
"132065215527646106608123518436167944368"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/VelocityRendererTest.java"
}
},
{
"id": "CVE-2023-36470-ee10ead6",
"signature_version": "v1",
"digest": {
"length": 630.0,
"function_hash": "195219740566999636390562964949942726104"
},
"signature_type": "Function",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/DefaultIconRendererTest.java",
"function": "renderIcon"
}
},
{
"id": "CVE-2023-36470-f7a8f293",
"signature_version": "v1",
"digest": {
"line_hashes": [
"251816856439883356466173850753899216315",
"194414709720285015641874350573425099047",
"138888942579166172740564951312117847750",
"24539659342402662930335519148383183882",
"293484947848346056625464582884025331936",
"270332629011468227813332464288977672156",
"12683467672198662437737755101613696669",
"186043524403917319983291250580836686600",
"251006164710186369674579248992470178045",
"119095956572842698012316124600553959001",
"223146419939045870207886326347474781232",
"109616780365301586547457046836421337189",
"52242786640227147128316025189622878668",
"85161223570278908143513298283277201445",
"213539884163280630635112705011102504909",
"96859102654697794058044708591878389071",
"152008372085664651867498071190232762000",
"190016770894831229561761203769311600441"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-default/src/test/java/org/xwiki/icon/internal/DefaultIconSetManagerTest.java"
}
},
{
"id": "CVE-2023-36470-f8930fa6",
"signature_version": "v1",
"digest": {
"line_hashes": [
"27861632557942009497408468152215074305",
"229096197253406542089916657126794373557",
"93907919267517321169090627712232696399",
"112329200286804898104361452547609890554",
"232457829947828703443148803958968656822",
"176897285250181819160087933674260709383",
"22270232924366524853356568333473012096",
"15359252549495011470481274934977859774",
"239084025743096392165254422919849763486",
"244184168667629606899602979781634521218",
"248208178674563538030034906012656100138",
"191596742355564499590569903525085742007",
"117800230702513607024092018047137726104",
"25235806299350615832906416753739195337",
"177624343436457314670504522781211786204",
"85874908834254290659700327426166029361",
"271255115837404177023565723755490597462",
"140428380594162755743995639714774767516",
"124558016209159283481646161644822676820",
"182212813107894062488770441858783076376",
"191596742355564499590569903525085742007",
"117800230702513607024092018047137726104",
"181647660860353690582243581846950614079",
"292782863660767664032125060574126303688",
"214899081688534343951144310216753454313",
"73340829179273529681881744895011403643",
"270161507798638059892376100016552749060",
"24562272573100216375190806570649160730",
"322874919840593583307924229033941824302",
"191596742355564499590569903525085742007",
"117800230702513607024092018047137726104",
"287233042906784310196415293542426424084",
"286821204615302184236248106853686170878"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/xwiki/xwiki-platform/commit/79418dd92ca11941b46987ef881bf50424898ff4",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-script/src/main/java/org/xwiki/icon/IconManagerScriptService.java"
}
},
{
"id": "CVE-2023-36470-fed5ef33",
"signature_version": "v1",
"digest": {
"line_hashes": [
"178196986514532193319620878014093741053",
"156214401978161510015884732629814521608",
"62222566363147590560744992947397854381",
"249349813045502196285748639299514507553",
"104646086363849189943787613994782863942",
"180282307505276375475088207369014656211",
"117660104054054034053467241699253724165",
"24648757862496403107322822296546413047"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"deprecated": false,
"target": {
"file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-api/src/main/java/org/xwiki/icon/IconSet.java"
}
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-36470.json"