CVE-2023-38693
Lucee RCE/XXE Vulnerability
描述
### Impact The Lucee team received a responsible disclosure of a security vulnerability which affects all previous releases of Lucee. After reviewing the report and confirming the vulnerability, the Lucee team then conducted a further security review and found additional vulnerabilities which have been addressed as part of this this security update. ### Patches Lucee 5.4.3.2 and 5.3.12.1 stable releases have been patched with additional hardening The older releases, 5.3.7.59., 5.3.8.236 and 5.3.9.173 have also been patched Any users running older release, should plan to immediately upgrade to the latest stable release 6.0 will have a RC as it's not yet released
如何修補 CVE-2023-38693
要修補 CVE-2023-38693,請將受影響套件升級到下列已修補版本。
- —升級至 5.3.12.1 或更新版本
CVE-2023-38693 正在被利用嗎?
低 — EPSS 為 0.3%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- >= 5.3.10.79-RC, < 5.3.12.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL10.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |