Közzétéve
2019-05-15 09:00
CiviCRM includes the PHPWord library. PHPWord v0.14 is vulnerable to an XML external entity attack - which is resolved in v0.15.
Security Risk
Moderately Critical
Vulnerability
Other
Affected Versions
CiviCRM versions 5.11.x and earlier
Fixed Versions
CiviCRM version 5.12.0 and 5.7.6
Solutions
Upgrade to the latest version of CiviCRM
Credits
Jianingwang of Tencent‘s XuanWuLab for reporting the issue
Seamus Lee of Australian Greens for fixing the issue
References
security/core#24