'[oss-security] CVE-2022-38745: Apache OpenOffice: Empty entry in Java class path'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2022-38745: Apache OpenOffice: Empty entry in Java class path
From:       Marcus Lange <marcus () apache ! org>
Date:       2023-03-24 15:04:50
Message-ID: 39fbbc4c-95c1-2997-aeee-57982a76fcbd () apache ! org
[Download RAW message or body]

Severity: moderate

Description:

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java \
class path. This may lead to run arbitrary Java code from the current directory.

Credit:

European Commission's Open Source Programme Office (sponsor)

References:

https://openoffice.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-38745

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic