CVE-2019-9757

High

An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or…

mitre·CWE-611·Published 2019-10-29

CVSS

7.5

EPSS

0.37

KEV

Exploits

cve.orgen

199 chars

An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read.

NVDen

199 chars

An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read.

Se descubrió un problema en LabKey Server versión 19.1.0. El envío de un SVG que contiene una carga útil XXE en el endpoint del archivo visualization-exportImage.view o visualization-exportPDF.view permite que archivos locales sean leídos.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N