oss-sec mailing list archives

CVE-2024-28168: Apache XML Graphics FOP: XML External Entity (XXE) Processing


From: Simon Steiner <ssteiner () apache org>
Date: Wed, 09 Oct 2024 11:57:32 +0000

Severity: moderate

Affected versions:

- Apache XML Graphics FOP 2.9

Description:

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.

This issue affects Apache XML Graphics FOP: 2.9.

Users are recommended to upgrade to version 2.10, which fixes the issue.

This issue is being tracked as FOP-3168.

Credit:

c1gar of Shanxi Normal University (finder)

References:

https://xmlgraphics.apache.org/security.html
https://xmlgraphics.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-28168
https://issues.apache.org/jira/browse/FOP-3168

