{"id":"CVE-2021-3199","details":"Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter.","modified":"2026-07-09T00:05:34.288835Z","published":"2021-01-26T18:16:28.507Z","references":[{"type":"ADVISORY","url":"https://github.com/ONLYOFFICE/DocumentServer/blob/903fe5ab7a275bd69c3c3346af2d21cf87ebeabf/CHANGELOG.md#563"},{"type":"EVIDENCE","url":"https://github.com/moehw/poc_exploits/tree/master/CVE-2021-3199/poc_uploadImageFile.py"},{"type":"EVIDENCE","url":"https://github.com/nola-milkin/poc_exploits/blob/master/CVE-2021-3199/poc_uploadImageFile.py"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/onlyoffice/documentserver","events":[{"introduced":"0"},{"fixed":"0187bea803abdd2b2b6ad8168272d77e27739add"}],"database_specific":{"source":"CPE_RANGE","extracted_events":[{"introduced":"0"},{"fixed":"5.6.3"}],"cpe":"cpe:2.3:a:onlyoffice:document_server:*:*:*:*:*:*:*:*"}}],"versions":["ONLYOFFICE-DocumentServer-5.6.2","ONLYOFFICE-DocumentServer-5.6.1","ONLYOFFICE-DocumentServer-5.6.0","ONLYOFFICE-DocumentServer-5.5.3","ONLYOFFICE-DocumentServer-5.5.1","ONLYOFFICE-DocumentServer-5.5.0","ONLYOFFICE-DocumentServer-5.4.2","ONLYOFFICE-DocumentServer-5.4.1","ONLYOFFICE-DocumentServer-5.4.0-2","ONLYOFFICE-DocumentServer-5.3.4","ONLYOFFICE-DocumentServer-5.3.2","ONLYOFFICE-DocumentServer-5.3.1","ONLYOFFICE-DocumentServer-5.3.0","ONLYOFFICE-DocumentServer-5.2.8","ONLYOFFICE-DocumentServer-5.2.7","ONLYOFFICE-DocumentServer-5.2.6","ONLYOFFICE-DocumentServer-5.2.4","ONLYOFFICE-DocumentServer-5.2.3","ONLYOFFICE-DocumentServer-5.2.2","ONLYOFFICE-DocumentServer-5.2.0","ONLYOFFICE-DocumentServer-5.1.5","ONLYOFFICE-DocumentServer-5.1.4","ONLYOFFICE-DocumentServer-5.1.3","ONLYOFFICE-DocumentServer-5.1.2","ONLYOFFICE-DocumentServer-5.1.1","ONLYOFFICE-DocumentServer-5.1.0","ONLYOFFICE-DocumentServer-5.0.7","ONLYOFFICE-DocumentServer-5.0.6","ONLYOFFICE-DocumentServer-5.0.5","ONLYOFFICE-DocumentServer-5.0.4","ONLYOFFICE-DocumentServer-5.0.3","ONLYOFFICE-DocumentServer-4.4.3","ONLYOFFICE-DocumentServer-4.4.2","ONLYOFFICE-DocumentServer-4.4.1","ONLYOFFICE-DocumentServer-4.3.6","ONLYOFFICE-DocumentServer-4.3.5","ONLYOFFICE-DocumentServer-4.3.4","ONLYOFFICE-DocumentServer-4.3.3","ONLYOFFICE-DocumentServer-4.3.2","ONLYOFFICE-DocumentServer-4.3.1","ONLYOFFICE-DocumentServer-4.3.0","ONLYOFFICE-DocumentServer-4.2.11","ONLYOFFICE-DocumentServer-4.2.10","ONLYOFFICE-DocumentServer-4.2.9","ONLYOFFICE-DocumentServer-4.0.0-9","ONLYOFFICE-DocumentServer-4.2.8","ONLYOFFICE-DocumentServer-4.2.7","ONLYOFFICE-DocumentServer-4.2.5","ONLYOFFICE-DocumentServer-4.2.4","ONLYOFFICE-DocumentServer-4.2.3","ONLYOFFICE-DocumentServer-4.2.1","ONLYOFFICE-DocumentServer-4.2.0","ONLYOFFICE-DocumentServer-4.1.8-1","ONLYOFFICE-DocumentServer-4.1.6-3","ONLYOFFICE-DocumentServer-4.1.5-1","ONLYOFFICE-DocumentServer-4.1.4-3","ONLYOFFICE-DocumentServer-4.1.2-37","ONLYOFFICE-DocumentServer-4.0.3-3","ONLYOFFICE-DocumentServer-4.0.2-4","ONLYOFFICE-DocumentServer-4.0.1-34","ONLYOFFICE-DocumentServer-3.0.0","ONLYOFFICE-Online-Editors-2.5.7","ONLYOFFICE-Online-Editors-2.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3199.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}