CVE-2012-3353

Description

The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader

CVSS Version 3.0
CVSS Version 2.0

nvd
CVE ID: CVE-2012-3353
Base Score: 7.5
Base Severity: HIGH
Vector String:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

nvd
CVE ID: CVE-2012-3353
Base Score: 5.0
Base Severity: MEDIUM
Vector String:AV:N/AC:L/Au:N/C:P/I:N/A:N

Refrence: NVD

Description​

Description