CVE-2023-46502

Name of the Vulnerable Software and Affected Versions openCRX version 5.2.2

Description An issue in openCRX allows a remote attacker to read internal files and execute server side request forgery attacks via insecure DocumentBuilderFactory. Additionally, it is possible for a remote attacker to execute arbitrary code via a crafted request.

Recommendations For openCRX version 5.2.2, consider disabling the use of DocumentBuilderFactory until a patch is available to prevent server side request forgery attacks and arbitrary code execution. Restrict access to internal files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.