CVE-2023-46502

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-46502

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-46502.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-46502

Aliases

GHSA-q74f-rf27-8hxc

Published

2023-10-30T23:15:08.857Z

Modified

2025-11-15T06:57:19.419798Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory.

References

Affected packages

Git / github.com/opencrx/opencrx

Affected ranges

Type: GIT
Repo: https://github.com/opencrx/opencrx
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ce7a71db0bb34ecbcb0e822d40598e410a48b399

Affected versions

opencrx-v4.*

opencrx-v4.0.0

opencrx-v4.1.0

opencrx-v4.2.0

opencrx-v4.3.0

opencrx-v4.3.0-rc.1

opencrx-v5.*

opencrx-v5.0-20200714

opencrx-v5.0-20200715

opencrx-v5.0-20200717

opencrx-v5.0-20200904

opencrx-v5.0.0

opencrx-v5.0.1

opencrx-v5.1.0

opencrx-v5.2.0

opencrx-v5.2.1

opencrx-v5.2.2

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 251.0,
            "function_hash": "4624990091803290678707408489062354619"
        },
        "signature_version": "v1",
        "id": "CVE-2023-46502-3c6a5e37",
        "target": {
            "file": "core/src/main/java/org/opencrx/application/uses/net/sf/webdav/methods/WebDavMethod.java",
            "function": "getDocumentBuilder"
        },
        "signature_type": "Function",
        "source": "https://github.com/opencrx/opencrx/commit/ce7a71db0bb34ecbcb0e822d40598e410a48b399",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "39934885853195052450453065661908994518",
                "266760719395484929759736260851091189294",
                "178180256037544602447252192311388835290",
                "121313014851447004866084138766703459135",
                "245124452989860056839988864709991956380",
                "34407548115015247540735715199724487811",
                "335642789312503842925020677321699332321",
                "243297730853301641368066154080238935851",
                "200887312163165406206747308362111544549",
                "70694710560957233126783157453894744840",
                "225850866145583930326272788243098206114"
            ]
        },
        "signature_version": "v1",
        "id": "CVE-2023-46502-5c1e4dba",
        "target": {
            "file": "core/src/main/java/org/opencrx/application/uses/net/sf/webdav/methods/WebDavMethod.java"
        },
        "signature_type": "Line",
        "source": "https://github.com/opencrx/opencrx/commit/ce7a71db0bb34ecbcb0e822d40598e410a48b399",
        "deprecated": false
    }
]