Headline
GHSA-vwjx-mmwm-pwrf: Lucee RCE/XXE Vulnerability
Impact
The Lucee team received a responsible disclosure of a security vulnerability which affects all previous releases of Lucee.
After reviewing the report and confirming the vulnerability, the Lucee team then conducted a further security review and found additional vulnerabilities which have been addressed as part of this this security update.
Patches
Lucee 5.4.3.2 and 5.3.12.1 stable releases have been patched with additional hardening
The older releases, 5.3.7.59., 5.3.8.236 and 5.3.9.173 have also been patched
Any users running older release, should plan to immediately upgrade to the latest stable release
6.0 will have a RC as it’s not yet released
Impact
The Lucee team received a responsible disclosure of a security vulnerability which affects all previous releases of Lucee.
After reviewing the report and confirming the vulnerability, the Lucee team then conducted a further security review and found additional vulnerabilities which have been addressed as part of this this security update.
Patches
Lucee 5.4.3.2 and 5.3.12.1 stable releases have been patched with additional hardening
The older releases, 5.3.7.59., 5.3.8.236 and 5.3.9.173 have also been patched
Any users running older release, should plan to immediately upgrade to the latest stable release
6.0 will have a RC as it’s not yet released
References
- GHSA-vwjx-mmwm-pwrf
- https://nvd.nist.gov/vuln/detail/CVE-2023-38693