Two remote code execution (RCE) vulnerabilities that were found in the software’s document converter component were fixed in the most recent patch release. The CVSS ratings for CVE-2022-23100 and CVE-2022-24405 were 8.2 and 7.3, respectively.
Additionally, a server-side request forgery (SSRF) flaw was discovered in the document converter API (CVE-2022-24406) that might have allowed attackers to forecast multipart form data bounds and replace its contents. Read More…