Spookhorror

**Name of the Vulnerable Software and Affected Versions** openCRX version 5.2.2 **Description** An issue in openCRX allows a remote attacker to read internal files and execute server side request forgery attacks via insecure DocumentBuilderFactory. Additionally, it is possible for a remote attacker to execute arbitrary code via a crafted request. **Recommendations** For openCRX version 5.2.2, consider disabling the use of DocumentBuilderFactory until a patch is available to prevent server side request forgery attacks and arbitrary code execution. Restrict access to internal files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MuPDF version 1.21.1 **Description** The issue is related to an infinite recursion in the `pdf mark list push` component, which can be exploited by attackers to cause a Denial of Service (DoS) via a crafted PDF file. This allows an attacker to disrupt the service. **Recommendations** For MuPDF version 1.21.1, as a temporary workaround, consider disabling the `pdf mark list push` component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.