{"id":"CVE-2023-30186","details":"A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.","modified":"2026-04-12T03:51:10.268846Z","published":"2023-08-14T13:15:10.420Z","references":[{"type":"WEB","url":"https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp#L110"},{"type":"WEB","url":"http://onlyoffice.com"},{"type":"WEB","url":"https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/"},{"type":"FIX","url":"https://github.com/ONLYOFFICE/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a"},{"type":"FIX","url":"https://gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2"},{"type":"PACKAGE","url":"https://github.com/ONLYOFFICE/DocumentServer"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/onlyoffice/core","events":[{"introduced":"0"},{"fixed":"2b6ad83b36afd9845085b536969d366d1d61150a"}]},{"type":"GIT","repo":"https://github.com/onlyoffice/documentserver","events":[{"introduced":"0ac557c60e9dacfe890631fddade941414261203"},{"last_affected":"21ecdc5d2cff555e679a4096dff0ee2835268a85"}],"database_specific":{"versions":[{"introduced":"4.0.3"},{"last_affected":"7.3.2"}]}}],"versions":["ONLYOFFICE-DocumentServer-4.0.3-3","ONLYOFFICE-DocumentServer-4.1.2-37","ONLYOFFICE-DocumentServer-4.1.4-3","ONLYOFFICE-DocumentServer-4.1.5-1","ONLYOFFICE-DocumentServer-4.1.6-3","ONLYOFFICE-DocumentServer-4.1.8-1","ONLYOFFICE-DocumentServer-4.2.0","ONLYOFFICE-DocumentServer-4.2.1","ONLYOFFICE-DocumentServer-4.2.10","ONLYOFFICE-DocumentServer-4.2.11","ONLYOFFICE-DocumentServer-4.2.3","ONLYOFFICE-DocumentServer-4.2.4","ONLYOFFICE-DocumentServer-4.2.5","ONLYOFFICE-DocumentServer-4.2.7","ONLYOFFICE-DocumentServer-4.2.8","ONLYOFFICE-DocumentServer-4.2.9","ONLYOFFICE-DocumentServer-4.3.0","ONLYOFFICE-DocumentServer-4.3.1","ONLYOFFICE-DocumentServer-4.3.2","ONLYOFFICE-DocumentServer-4.3.3","ONLYOFFICE-DocumentServer-4.3.4","ONLYOFFICE-DocumentServer-4.3.5","ONLYOFFICE-DocumentServer-4.3.6","ONLYOFFICE-DocumentServer-4.4.1","ONLYOFFICE-DocumentServer-4.4.2","ONLYOFFICE-DocumentServer-4.4.3","ONLYOFFICE-DocumentServer-5.0.3","ONLYOFFICE-DocumentServer-5.0.4","ONLYOFFICE-DocumentServer-5.0.5","ONLYOFFICE-DocumentServer-5.0.6","ONLYOFFICE-DocumentServer-5.0.7","ONLYOFFICE-DocumentServer-5.1.0","ONLYOFFICE-DocumentServer-5.1.1","ONLYOFFICE-DocumentServer-5.1.2","ONLYOFFICE-DocumentServer-5.1.3","ONLYOFFICE-DocumentServer-5.1.4","ONLYOFFICE-DocumentServer-5.1.5","ONLYOFFICE-DocumentServer-5.2.0","ONLYOFFICE-DocumentServer-5.2.2","ONLYOFFICE-DocumentServer-5.2.3","ONLYOFFICE-DocumentServer-5.2.4","ONLYOFFICE-DocumentServer-5.2.6","ONLYOFFICE-DocumentServer-5.2.7","ONLYOFFICE-DocumentServer-5.2.8","ONLYOFFICE-DocumentServer-5.3.0","ONLYOFFICE-DocumentServer-5.3.1","ONLYOFFICE-DocumentServer-5.3.2","ONLYOFFICE-DocumentServer-5.3.4","ONLYOFFICE-DocumentServer-5.4.0-2","ONLYOFFICE-DocumentServer-5.4.1","ONLYOFFICE-DocumentServer-5.4.2","ONLYOFFICE-DocumentServer-5.5.0","ONLYOFFICE-DocumentServer-5.5.1","ONLYOFFICE-DocumentServer-5.5.3","ONLYOFFICE-DocumentServer-5.6.0","ONLYOFFICE-DocumentServer-5.6.1","ONLYOFFICE-DocumentServer-5.6.2","ONLYOFFICE-DocumentServer-5.6.3","ONLYOFFICE-DocumentServer-5.6.4","ONLYOFFICE-DocumentServer-5.6.5","ONLYOFFICE-DocumentServer-6.0.0","ONLYOFFICE-DocumentServer-6.0.1","ONLYOFFICE-DocumentServer-6.0.2","core-linux-64/hotfix%2Fv4.4.3-13","core-linux-64/hotfix%2Fv4.4.4-1","core-linux-64/hotfix%2Fv5.0.2-1","core-linux-64/hotfix%2Fv5.0.3-2","core-linux-64/hotfix%2Fv5.0.5-2","core-linux-64/hotfix%2Fv5.0.6-2","core-linux-64/hotfix%2Fv5.1.3-3","core-linux-64/hotfix%2Fv5.1.3-4","core-linux-64/hotfix%2Fv5.2.2-2","core-linux-64/hotfix%2Fv5.3.4-2","core-linux-64/master-11","core-linux-64/master-12","core-linux-64/master-13","core-linux-64/master-2","core-linux-64/master-3","core-linux-64/master-4","core-linux-64/master-5","core-linux-64/master-6","core-linux-64/master-7","core-linux-64/master-8","core-linux-64/master-9","core-win-32/hotfixFv4.3.6-1","core-win-32/hotfixFv4.4.3-1","core-win-32/hotfixFv5.0.2-1","core-win-32/hotfixFv5.0.3-1","core-win-32/hotfixFv5.0.5-1","core-win-32/hotfixFv5.0.6-1","core-win-32/hotfixFv5.1.4-1","core-win-32/hotfixFv5.2.2-1","core-win-32/hotfixFv5.2.6-1","core-win-32/master-1","core-win-32/master-10","core-win-32/master-2","core-win-32/master-3","core-win-32/master-4","core-win-32/master-5","core-win-32/master-6","core-win-32/master-7","core-win-32/master-8","core-win-32/master-9","core-win-64/hotfixFv4.3.6-1","core-win-64/hotfixFv4.4.3-1","core-win-64/hotfixFv4.4.4-2","core-win-64/hotfixFv5.0.2-1","core-win-64/hotfixFv5.0.3-1","core-win-64/hotfixFv5.0.4-1","core-win-64/hotfixFv5.0.5-1","core-win-64/hotfixFv5.0.6-1","core-win-64/hotfixFv5.1.3-2","core-win-64/hotfixFv5.2.2-1","core-win-64/hotfixFv5.2.6-2","core-win-64/hotfixFv5.2.9-1","core-win-64/hotfixFv5.3.1-1","core-win-64/hotfixFv5.3.4-13","core-win-64/master-1","core-win-64/master-2","core-win-64/master-3","core-win-64/master-4","core-win-64/master-5","core-win-64/master-6","core-win-64/master-7","core-win-64/master-8","core-win-64/master-9","core-windows/hotfixFv4.2.10-1","core-windows/hotfixFv4.2.11-2","core-windows/hotfixFv4.2.4-1","core-windows/hotfixFv4.2.4-2","core-windows/hotfixFv4.2.5-2","core-windows/hotfixFv4.2.7-8","core-windows/hotfixFv4.2.8-1","core-windows/hotfixFv4.2.9-1","core-windows/hotfixFv4.3.1-1","core-windows/hotfixFv4.3.2-1","core-windows/hotfixFv4.3.3-1","core-windows/hotfixFv4.3.4-2","core-windows/hotfixFv4.3.5-1","core/hotfix%2Fv4.2.1-2","core/hotfix%2Fv4.2.10-1","core/hotfix%2Fv4.2.11-1","core/hotfix%2Fv4.2.4-1","core/hotfix%2Fv4.2.5-1","core/hotfix%2Fv4.2.5-3","core/hotfix%2Fv4.2.7-3","core/hotfix%2Fv4.2.8-1","core/hotfix%2Fv4.2.8-2","core/hotfix%2Fv4.2.9-1","core/hotfix%2Fv4.3.1-6","core/hotfix%2Fv4.3.2-1","core/hotfix%2Fv4.3.3-1","core/hotfix%2Fv4.3.4-2","core/hotfix%2Fv4.3.5-1","core/hotfix%2Fv4.3.6-1","core/master-1","v4.3.3.4","v4.3.4.10","v4.3.4.6","v4.3.4.8","v4.3.4.9","v4.3.6","v4.3.6.2","v4.4.3.5","v4.4.3.6","v4.4.3.7","v5.0.3.2","v5.0.3.3","v5.0.6.10","v5.0.6.11","v5.0.6.12","v5.0.6.14","v5.0.6.15","v5.0.6.9","v5.1.3.10","v5.1.3.11","v5.1.3.13","v5.1.3.14","v5.1.3.15","v5.1.3.4","v5.1.3.5","v5.1.3.7","v5.1.3.9","v5.2.2.2","v5.2.6.3","v5.2.9.3","v5.2.9.4","v5.2.9.5","v5.3.1.2","v5.3.1.3","v5.3.1.4","v5.3.2.2","v5.3.2.3","v5.3.4.3","v5.3.99.20","v5.3.99.21","v5.3.99.22","v5.3.99.23","v5.3.99.24","v5.3.99.25","v5.3.99.26","v5.3.99.27","v5.3.99.28","v5.5.2.2","v5.6.1.1","v5.6.1.2","v5.6.2.1","v5.6.2.2","v5.6.2.3","v5.6.3.1","v5.6.3.2","v5.6.3.3","v5.6.4.1","v5.6.4.10","v5.6.4.5","v5.6.4.6","v5.6.5.1","v5.6.5.2","v5.6.5.3","v5.6.5.4","v5.6.5.5","v5.6.5.6","v5.6.5.7","v5.6.5.8","v6.0.2.1","v6.0.2.2","v6.0.2.3","v6.0.2.4","v6.1.0","v6.1.1","v6.1.1.1","v6.2.0","v6.2.1","v6.2.1.1","v6.2.1.11","v6.2.1.12","v6.2.1.13","v6.2.1.2","v6.2.1.3","v6.2.1.4","v6.2.1.5","v6.2.1.6","v6.2.1.9","v6.2.2","v6.3.0","v6.3.1","v6.3.1.1","v6.3.1.2","v6.3.2","v6.3.2.2","v6.3.2.4","v6.3.2.5","v6.3.2.6","v6.3.2.7","v6.3.2.8","v6.4.0","v6.4.1","v6.4.2","v6.4.2.1","v6.4.2.12","v6.4.2.13","v6.4.2.14","v6.4.2.15","v6.4.2.16","v6.4.2.17","v6.4.2.18","v6.4.2.19","v6.4.2.2","v6.4.2.20","v6.4.2.21","v6.4.2.22","v6.4.2.23","v6.4.2.24","v6.4.2.25","v6.4.2.29","v6.4.2.3","v6.4.2.4","v6.4.2.6","v6.4.2.7","v6.4.2.8","v6.4.2.9","v6.4.3.10","v6.4.3.11","v6.4.3.12","v6.4.3.13","v6.4.3.14","v6.4.3.15","v6.4.3.16","v6.4.3.17","v6.4.3.18","v6.4.3.19","v6.4.3.4","v6.4.3.5","v6.4.3.6","v6.4.3.7","v6.4.3.8","v6.4.3.9","v7.0.0","v7.0.1","v7.0.1.1","v7.0.2.1","v7.0.2.10","v7.0.2.11","v7.0.2.12","v7.0.2.13","v7.0.2.14","v7.0.2.15","v7.0.2.3","v7.0.2.5","v7.0.2.7","v7.0.2.8","v7.0.2.9","v7.1.0","v7.1.1","v7.2.0","v7.2.1","v7.2.2","v7.2.2.10","v7.2.2.11","v7.2.2.14","v7.2.2.4","v7.2.2.6","v7.2.2.7","v7.2.2.8","v7.2.2.9","v7.3.0","v7.3.1.3","v7.3.1.4","v7.3.1.5","v7.3.1.6","v7.3.2","v7.3.2.10","v7.3.2.11","v7.3.2.12","v7.3.2.13","v7.3.2.3","v7.3.2.4","v7.3.2.5","v7.3.2.6","v7.3.2.7","v7.3.2.8","v7.3.2.9","win-v4.2.0.7","win-v4.2.10.1","win-v4.2.10.2","win-v4.2.11.1","win-v4.2.4.2","win-v4.2.4.3","win-v4.2.4.4","win-v4.2.5.1","win-v4.2.5.4","win-v4.2.5.5","win-v4.2.7.2","win-v4.2.7.3","win-v4.2.7.4","win-v4.2.8.1","win-v4.2.8.2","win-v4.2.8.3","win-v4.2.8.4","win-v4.2.9.1","win-v4.2.9.2"],"database_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["23678231242116323727889936788484106591","38621757737263789890061080930187634899","44648688020436883199585428040184204842"]},"target":{"file":"DesktopEditor/doctrenderer/js_internal/v8/v8_base.h"},"signature_version":"v1","id":"CVE-2023-30186-05673037","source":"https://github.com/onlyoffice/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a","signature_type":"Line","deprecated":false},{"digest":{"function_hash":"127132077449916538822791957039973485057","length":197},"target":{"file":"DesktopEditor/doctrenderer/js_internal/v8/v8_base.cpp","function":"CJSContext::Dispose"},"signature_version":"v1","id":"CVE-2023-30186-241504aa","source":"https://github.com/onlyoffice/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a","signature_type":"Function","deprecated":false},{"digest":{"threshold":0.9,"line_hashes":["25459350179026878245103141520517111656","34234060950876568229161199210698691933","113572103750083556419470327515280488758","44367735898613015347039237588526417438"]},"target":{"file":"DesktopEditor/doctrenderer/js_internal/v8/v8_base.cpp"},"signature_version":"v1","id":"CVE-2023-30186-38ff969e","source":"https://github.com/onlyoffice/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a","signature_type":"Line","deprecated":false},{"digest":{"function_hash":"32139306024117116331175649183627180673","length":2224},"target":{"file":"DesktopEditor/doctrenderer/embed/v8/v8_NativeControl.cpp","function":"CreateNativeControlTemplate"},"signature_version":"v1","id":"CVE-2023-30186-4465ec1b","source":"https://github.com/onlyoffice/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a","signature_type":"Function","deprecated":false},{"digest":{"function_hash":"111220662689639366491555523344703551343","length":2152},"target":{"file":"DesktopEditor/doctrenderer/embed/v8/v8_NativeControl.cpp","function":"CreateNativeControlTemplateBuilder"},"signature_version":"v1","id":"CVE-2023-30186-690f57c9","source":"https://github.com/onlyoffice/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a","signature_type":"Function","deprecated":false},{"digest":{"threshold":0.9,"line_hashes":["884865904732020680095559017787803221","323567875689958843567140739312116827217","10322127461603967753204975205456933441","43861125993828402558280752594889890286","217613569040295108684168109813494010132","292274979230384847893767851665863562896","32405103144898127778543003577069290353","108133916141523277846022296488253566358","183437090427537610023505120109338012623","22768714466998069949311312194986041438","148533465546404340566740256353372420305","39280604526045344128047457293030393723","226154177410646267437392762976532055554","17124302143707451076738746971248664361","109304406614455364369364534524376981757","107789660859899181914054701725417046228","338966144680642755641497494045141433410","306228068269200932369469191568805792004","10249945462707553379189634505981550075","115030524567106661766383046195476364249","327751166735953726026986399269137305764","323048057620468812140091412564577948337","320026249995053821822076166349752096441","136406840261691864935346145470165456749","29582465481030708866426380362065585751","140636865162992792965355146809331067136","248109704861434380335377114546307541022","183089080919808485852363290411311083088","307409920800308457586184825012364497040","89390512818170855954723220121627379925","195475396249517540390456478465388044781","258410144946447006786044638148534571803","200320218392745294781008798694321930500","81652258903094495950538877799342619187","325409186180774846402221940265391661603","185890339199421949274643656745753611160","37403942630817939307432821784907361759","229850524007634244465383570393575858619","338835901966114899114859810093745599784","30136029569086524072953607563793483551","101451680233266530101741838572289673800","32677035782568265456282086160946528403","122091946609706290071512383440396284305","74713664184258460720666180683711722546","282524862267652940804337118099823388265","33540880757352241778042333065702287195","78477941395918189792457332026887586133","91396809044691452844464940883760115266","155996322429135355261441424093665492464","330926517679673865572314338581653890923","283240178704642779536428765154910913990","49895357024835631886685256786429426014","51090848218045790881046640384590808538","189562141081733082896856174124211092834","288812120021330413319829601227153255920","255535264092470657723835384828259915873","179577629564416884599399767163110165162","119547515820869419210410339719191667506","157634429201074927397274659033928520978","76004773498141960916975435416443836889","264154924144963812906341680443061797579","265062116838879406284685504782802114959","65213289160436966710770759542461364931","195475396249517540390456478465388044781","258410144946447006786044638148534571803","200320218392745294781008798694321930500","81652258903094495950538877799342619187","325409186180774846402221940265391661603","185890339199421949274643656745753611160","37403942630817939307432821784907361759","229850524007634244465383570393575858619","338835901966114899114859810093745599784","30136029569086524072953607563793483551","101451680233266530101741838572289673800","32677035782568265456282086160946528403","122091946609706290071512383440396284305","74713664184258460720666180683711722546","282524862267652940804337118099823388265","33540880757352241778042333065702287195","78477941395918189792457332026887586133","91396809044691452844464940883760115266","195894194095845781977724388521993711339","91592620986301883933509894498841437706","143120182030166166611079818365143061219","51090848218045790881046640384590808538","189562141081733082896856174124211092834","288812120021330413319829601227153255920","255535264092470657723835384828259915873","179577629564416884599399767163110165162","119547515820869419210410339719191667506","157634429201074927397274659033928520978","271601024115593754555194508158259276562","283110394317424139612202774972774773101","164206053834517691103955084754567416069","174224133086902581390413400392749189981","221819279875896111348328445736559489492","257561610782031564369289768813077236867","112841678743275027023239259910359859725","302926962916747513858051063418542726718","314716009606767965392207396367325043779","84176798988851630588541061768347688479","38663361682614174686049976561174150727","149555336874544398993471341183306772773","102964123372337537877657099570454253070","226323901641828205701858421372798923865","107062117674108056156265864219416801135","314183925410414581317568222505851679524","131297799304758382849591930204360906827","187953911044436590697934823234917326414","314716009606767965392207396367325043779","84176798988851630588541061768347688479","158366766442406164680950721604831787286","19443581015482906192356326785175236318","94663107235777966299770950168291976726","31460056987518035588887083944792650537","310446963756465466364030331158148506535","326272875975671488818739424890993102180","328078624254961199367469402943184957534","164803293333041827555883506598061162741","138920829235247892454870165497631939384","313533762210779545945343521526645639284","168494707814764340504332890347949110851"]},"target":{"file":"DesktopEditor/doctrenderer/embed/v8/v8_NativeControl.cpp"},"signature_version":"v1","id":"CVE-2023-30186-c2b92be4","source":"https://github.com/onlyoffice/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a","signature_type":"Line","deprecated":false}],"vanir_signatures_modified":"2026-04-12T03:51:10Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-30186.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}