CVE-2023-30187

Name of the Vulnerable Software and Affected Versions ONLYOFFICE DocumentServer versions 4.0.3 through 7.3.2

Description An out of bounds memory access issue in the JavaScript File Handler component allows remote attackers to execute arbitrary code via a crafted JavaScript file. This can be exploited by running a specially formed JavaScript file, potentially leading to code execution.

Recommendations For versions 4.0.3 through 7.3.2, consider disabling the JavaScript File Handler component as a temporary workaround until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation. Avoid using crafted JavaScript files in the affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.