CVE-2021-46365: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

February 12, 2022 (updated February 15, 2022)

An issue in the Export function of Magnolia allows attackers to execute arbitrary code via a crafted XLF file.

References

docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html
github.com/advisories/GHSA-3qpg-33wr-533j
nvd.nist.gov/vuln/detail/CVE-2021-46365

Detect and mitigate CVE-2021-46365 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →