Vulnerability Description
An out-of-bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via a crafted JavaScript file.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Onlyoffice | Document Server | >= 4.0.3, <= 7.3.2 |
Related Weaknesses (CWE)
References
- http://onlyoffice.com (Product)
- https://gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2 (Exploit, Patch, Third Party Advisory)
- https://github.com/ONLYOFFICE/DocumentServer (Product)
- https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d (Product)
- https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d (Not Applicable)
- https://github.com/ONLYOFFICE/core/commit/2b6ad83b36afd9845085b536969d366d1d6115 (Patch, Vendor Advisory)
FAQ
What is CVE-2023-30187?
CVE-2023-30187 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An out-of-bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via a crafted JavaScript file.
How severe is CVE-2023-30187?
CVE-2023-30187 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-30187?
Check the references section above for vendor advisories and patch information. Affected products include: Onlyoffice Document Server.