Vulnerability Details CVE-2019-9757
An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.261
EPSS Ranking 95.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-9757
- https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce
- https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-9757
- https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce
Products affected by CVE-2019-9757
-
cpe:2.3:a:labkey:labkey_server:19.1.0