CVE-2022-2421 - Remote Code Execution (RCE)

Severity: Critical

2023-01-06


Abstract

Due to improper type validation during attachment parsing in the Socket.io JavaScript library, it is possible to overwrite the _placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object.

The Oxygen products incorporate Socket.io as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
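As an added illustration (not the advisory's or Socket.io's own code), the following is a simplified, hardened version of the attachment-placeholder reconstruction step the abstract refers to: a placeholder is accepted only if it has exactly the shape `{ _placeholder: true, num: <integer> }` with `num` an in-range index into the received binary attachments, so a non-boolean flag or a string in `num` is rejected instead of being used as a property lookup. The function names `isValidPlaceholder` and `reconstructPacket` and the packet shape are assumptions for this example.

```javascript
// Added example: hardened reconstruction of binary attachment placeholders.
// Simplified model of the packet layout the advisory describes; not the
// actual socket.io-parser source. Function names are assumptions.

// A placeholder is only accepted when it has exactly the expected shape:
// _placeholder is the boolean true and num is an integer inside the bounds
// of the attachments array. A loose truthiness check on _placeholder with
// no type check on num would let a string reach `buffers[data.num]` and
// hand back an inherited function instead of a Buffer.
function isValidPlaceholder(data, buffers) {
  return (
    data !== null &&
    typeof data === "object" &&
    data._placeholder === true &&
    Number.isInteger(data.num) &&
    data.num >= 0 &&
    data.num < buffers.length
  );
}

// Walk the decoded JSON payload and replace placeholders with the matching
// attachment. Any object that claims to be a placeholder but fails
// validation aborts decoding rather than being silently accepted.
function reconstructPacket(data, buffers) {
  if (data === null || typeof data !== "object") {
    return data; // primitives pass through unchanged
  }
  if (Object.prototype.hasOwnProperty.call(data, "_placeholder")) {
    if (isValidPlaceholder(data, buffers)) {
      return buffers[data.num];
    }
    throw new Error("illegal attachments");
  }
  if (Array.isArray(data)) {
    return data.map((item) => reconstructPacket(item, buffers));
  }
  const out = {};
  for (const key of Object.keys(data)) {
    out[key] = reconstructPacket(data[key], buffers);
  }
  return out;
}
```

A decoder that throws on an invalid placeholder should drop the packet and log the event, which also gives a simple detection signal for malformed binary frames.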

Affected Products/Versions

Product                                  Severity   Fixed Release Availability
Oxygen Content Fusion v5.0.1 and older   Critical   Oxygen Content Fusion 5.0.2 build 2022121305

Mitigation

None

Detail

CVE-2022-2421

Severity: Critical

CVSS Score: 9.8

The Socket.io third-party library used by Oxygen XML products is one of the affected versions listed in the CVE-2022-2421 vulnerability description.
