Description
To reproduce:
1. Create a new page.
2. Insert an image with URL:
file:///etc/passwd
(Edit the page, click +, click Image, select the From the Web tab, enter the file: URL shown above, click Insert, click Save).
The image appears invisible on some browsers, but you can verify its existence by looking at the rendered HTML or the storage format.
3. Export to Word (view the page, click "Tools", click "Export to Word")
4. View the file as plain text (the contents of /etc/passwd appear near the end)
You will need to use a different file: URL if you don't have /etc/passwd on your OS.
This is caused by reading from a file: URL created at ExportWordPageServer.java, line 373. It can be used to read binary files - they appear to be correctly Base64-encoded and embedded in the MIME document.
It can also be used to request data from any URL, which impacts network security.
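A server-side check of the kind that would stop this report's file: URL before the export code opens it, as an added example that is not Confluence's code or Atlassian's fix; the class and method names are hypothetical and the sample URLs are constructed. It goes slightly beyond the file: case by also rejecting loopback, link-local and private addresses, since the report notes that any URL can be requested.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Locale;

// Hypothetical helper (not Confluence code): decides whether an image URL
// taken from page content may be fetched by the server during export.
public class ExportImageUrlCheck {

    static boolean isFetchAllowed(String rawUrl) {
        if (rawUrl == null) return false;
        URI uri;
        try { uri = new URI(rawUrl.trim()); }
        catch (URISyntaxException e) { return false; }

        // Allow-list the scheme: this is what rejects file:, jar:, ftp: and so on.
        String scheme = uri.getScheme();
        if (scheme == null) return false;
        scheme = scheme.toLowerCase(Locale.ROOT);
        if (!scheme.equals("http") && !scheme.equals("https")) return false;

        String host = uri.getHost();
        if (host == null || host.isEmpty()) return false;
        try {
            // Every address the name resolves to must be publicly routable.
            for (InetAddress a : InetAddress.getAllByName(host)) {
                if (a.isLoopbackAddress() || a.isAnyLocalAddress()
                        || a.isLinkLocalAddress() || a.isSiteLocalAddress()
                        || a.isMulticastAddress()) {
                    return false;
                }
            }
        } catch (UnknownHostException e) { return false; }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; IP literals keep the demo offline.
        String[] samples = {
            "file:///etc/passwd", "FILE:///etc/passwd", "http://127.0.0.1:8080/x.png",
            "http://169.254.10.20/x.png", "http://10.0.0.5/x.png", "https://93.184.216.34/logo.png"
        };
        for (String s : samples) {
            System.out.println((isFetchAllowed(s) ? "ALLOW " : "BLOCK ") + s);
        }
    }
}
```

The check and the later fetch resolve the host separately, so the export code should connect to the address that was validated and re-run the check on every redirect.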