CVE-2024-28168

Опубликовано: 09 окт. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.

This issue affects Apache XML Graphics FOP: 2.9.

Users are recommended to upgrade to version 2.10, which fixes the issue.

Ссылки

https://xmlgraphics.apache.org/security.html
Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/10/09/1
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:formatting_objects_processor:2.9:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00208

Низкий

7.5 High

CVSS3

Дефекты

CWE-611

Связанные уязвимости

CVE-2024-28168

CVSS3: 7.5

ubuntu

около 1 года назад

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue.

CVE-2024-28168

CVSS3: 7.5

redhat

около 1 года назад

CVE-2024-28168

CVSS3: 7.5

debian

около 1 года назад

Improper Restriction of XML External Entity Reference ('XXE') vulnerab ...

SUSE-SU-2024:4054-1

suse-cvrf

около 1 года назад

Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop

GHSA-jqfv-jrvq-95jm

CVSS3: 5.3

github

около 1 года назад

Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability

EPSS

Процентиль: 43%

0.00208

Низкий

7.5 High

CVSS3

Дефекты

CWE-611