Description
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader
Remediation
References
https://issues.apache.org/jira/browse/SLING-2512
https://lists.apache.org/thread.html/50994d80dd5cf93f1365dacfcaecf5c12f1efe522c4ff6040b3c521a%40%3Cdev.sling.apache.org%3E
Related Vulnerabilities
CVE-2018-17960 Vulnerability in npm package ckeditor
CVE-2012-5885 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2023-1584 Vulnerability in maven package io.quarkus:quarkus-oidc
CVE-2022-36891 Vulnerability in maven package org.jenkins-ci.plugins:deployer-framework
CVE-2023-34035 Vulnerability in maven package org.springframework.security:spring-security-config