![]() ![]() ![]() Shenzen Tenda Technology IP Camera CP3 V11.041355 allows unauthenticated remote code execution via an XML document. There are no known workarounds apart from upgrading to a version including the fix. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by making sure that data attributes only contain allowed characters. The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid ` are removed in all attribute names. ![]()
0 Comments
Leave a Reply. |