CVE-2024-45136

Name of the Vulnerable Software and Affected Versions InCopy versions 19.4, 18.5.3 and earlier

Description The issue is related to an Unrestricted Upload of File with Dangerous Type, which could result in arbitrary code execution by an attacker. An attacker could exploit this by uploading a malicious file that can then be executed on the server. Exploitation requires user interaction.

Recommendations For InCopy versions 19.4, 18.5.3 and earlier, consider disabling file upload functionality until a patch is available to prevent exploitation. Restrict access to the server where the uploaded files are executed to minimize the risk of arbitrary code execution. Avoid using the vulnerable version of InCopy for uploading files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.