{"id":"CVE-2017-1000140","details":"Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file.","modified":"2026-04-10T03:56:01.078391Z","published":"2017-11-03T18:29:00.557Z","references":[{"type":"FIX","url":"https://bugs.launchpad.net/mahara/+bug/1404117"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/maharaproject/mahara","events":[{"introduced":"0"},{"last_affected":"c97ba68462a8fad83036d1b896a1e412729604ee"},{"introduced":"0"},{"last_affected":"604f1385745ab72561e0bbe6a638155c7ea349bf"},{"introduced":"0"},{"last_affected":"d48a2752a7bd79468915295e40530feef75ceeda"},{"introduced":"0"},{"last_affected":"1bf2cd2c62d191573aa118f9b5e382badd9d7f7f"},{"introduced":"0"},{"last_affected":"1960a70b7b0c42a600d7e0cb3b1812ce4a2cc83b"},{"introduced":"0"},{"last_affected":"6b198414484a5cde0b84af1d4d581184faa81e53"},{"introduced":"0"},{"last_affected":"ad61ae402fb169cc8081b98e5a2e6822d362b22e"},{"introduced":"0"},{"last_affected":"048e62ab06cc56febc61ca78655bc6ff156b84cd"},{"introduced":"0"},{"last_affected":"d10d29804684eb34f5ba659030f537559013f554"},{"introduced":"0"},{"last_affected":"91a483f6f5f2b9fb09bc33c4c98cea66581587cc"},{"introduced":"0"},{"last_affected":"ccbf63bbaf768784757dd8b7a6e3841eb55ad9cd"},{"introduced":"0"},{"last_affected":"01d7c8e0fa6ad9d06fd8de8f25dbc8e299373216"},{"introduced":"0"},{"last_affected":"5565883f64ce37a7e1313b91c2862e8b837101c4"},{"introduced":"0"},{"last_affected":"776a4bab9a37273823ef081fab1357d7c0cf91e8"},{"introduced":"0"},{"last_affected":"b0e585768829456eb7174936b533ccfcc024264c"},{"introduced":"0"},{"last_affected":"2f5c68b907e43feb45f419665d221d78510d6cce"},{"introduced":"0"},{"last_affected":"f670d266749f243f82da7e707cad564a79a3dfe4"},{"introduced":"0"},{"last_affected":"51aa89acd91866bf1440acf3a8eb0b68774a1e14"},{"introduced":"0"},{"last_affected":"c055d23e1454d15bd96d8589da8687aa444e1bfb"},{"introduced":"0"},{"last_affected":"48a238a2f76a7ea322580fe93b7c026becd9acce"},{"introduced":"0"},{"last_affected":"39ac3f76ea3981e204aca4f25a6d60bd988094f0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.8-rc1"},{"introduced":"0"},{"last_affected":"1.8-rc2"},{"introduced":"0"},{"last_affected":"1.8.0"},{"introduced":"0"},{"last_affected":"1.8.1"},{"introduced":"0"},{"last_affected":"1.8.2"},{"introduced":"0"},{"last_affected":"1.8.3"},{"introduced":"0"},{"last_affected":"1.8.4"},{"introduced":"0"},{"last_affected":"1.8.5"},{"introduced":"0"},{"last_affected":"1.8.6"},{"introduced":"0"},{"last_affected":"1.9-rc1"},{"introduced":"0"},{"last_affected":"1.9.0"},{"introduced":"0"},{"last_affected":"1.9.1"},{"introduced":"0"},{"last_affected":"1.9.2"},{"introduced":"0"},{"last_affected":"1.9.3"},{"introduced":"0"},{"last_affected":"1.9.4"},{"introduced":"0"},{"last_affected":"1.10-rc1"},{"introduced":"0"},{"last_affected":"1.10.0"},{"introduced":"0"},{"last_affected":"1.10.1"},{"introduced":"0"},{"last_affected":"1.10.2"},{"introduced":"0"},{"last_affected":"15.04-rc1"},{"introduced":"0"},{"last_affected":"15.04-rc2"}]}}],"versions":["1.0.0ALPHA1_RELEASE","1.0.0ALPHA2_RELEASE","1.0.0BETA2_RELEASE","1.1.0ALPHA1_RELEASE","1.1.0ALPHA2_RELEASE","1.1.0ALPHA3_RELEASE","1.1.0BETA2_RELEASE","1.1.0BETA4_RELEASE","1.10.0_RELEASE","1.10.1_RELEASE","1.10.2_RELEASE","1.10RC1_RELEASE","1.2.0ALPHA2_RELEASE","1.2.0ALPHA3_RELEASE","1.3.0BETA1_RELEASE","1.3.0BETA2_RELEASE","1.4.0ALPHA1_RELEASE","1.7RC1_RELEASE","1.8.0_RELEASE","1.8.1_RELEASE","1.8.2_RELEASE","1.8.3_RELEASE","1.8.4_RELEASE","1.8.5_RELEASE","1.8.6_RELEASE","1.8RC1_RELEASE","1.8RC2_RELEASE","1.9.0_RELEASE","1.9.1_RELEASE","1.9.2_RELEASE","1.9.3_RELEASE","1.9.4_RELEASE","1.9RC1_RELEASE","15.04RC1_RELEASE","15.04RC2_RELEASE"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000140.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}