FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
1135e939-62b4-11ec-b8e2-1c1b0d9ea7e6 | opengrok -- Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok.

Bobby Rauch of Accenture reports:

I ended up finding OpenGrok, and after careful testing, discovered that OpenGrok insecurely deserializes XML input, which can lead to Remote Code Execution. This vulnerability was found in all versions of OpenGrok <1.6.8 and was reported to Oracle. The vulnerability has now been patched in OpenGrok 1.6.9, and has been issued a CVE. (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2322)


Discovery: 2021-04-07
Entry: 2021-12-21
Affected package: opengrok le 1.6.7

CVE-2021-2322
https://www.oracle.com/security-alerts/oracle-open-source-cves-outside-other-oracle-public-documents.html
https://github.com/oracle/opengrok/pull/3528