Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-11988

Опубликовано: 24 фев. 2021
Источник: redhat
CVSS3: 8.2
EPSS Низкий

Описание

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.

Отчет

This flaw does not affect xmlgraphics-commons as shipped with Red Hat Enterprise Linux 8. It is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about support scope for Red Hat Enterprise Linux, please see https://access.redhat.com/support/policy/updates/errata/ .

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat BPM Suite 6xmlgraphics-commonsOut of support scope
Red Hat CodeReady Studio 12xmlgraphics-commonsWill not fix
Red Hat Developer Toolsrh-eclipse-xmlgraphics-commonsAffected
Red Hat Enterprise Linux 6xmlgraphics-commonsOut of support scope
Red Hat Enterprise Linux 7xmlgraphics-commonsOut of support scope
Red Hat Enterprise Linux 8eclipseNot affected
Red Hat Enterprise Linux 9xmlgraphics-commonsAffected
Red Hat Integration Camel K 1xmlgraphics-commonsNot affected
Red Hat JBoss BRMS 5xmlgraphics-commonsOut of support scope
Red Hat JBoss Fuse 6xmlgraphics-commonsOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20->CWE-918
https://bugzilla.redhat.com/show_bug.cgi?id=1933816xmlgraphics-commons: SSRF due to improper input validation by the XMPParser

EPSS

Процентиль: 40%
0.0018
Низкий

8.2 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-11988

CVSS3: 8.2
ubuntu
почти 5 лет назад

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.

nvd логотип

CVE-2020-11988

CVSS3: 8.2
nvd
почти 5 лет назад

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.

debian логотип

CVE-2020-11988

CVSS3: 8.2
debian
почти 5 лет назад

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-sid ...

suse-cvrf логотип

SUSE-SU-2022:3550-1

suse-cvrf
больше 3 лет назад

Security update for xmlgraphics-commons

github логотип

GHSA-fmj2-7wx8-qj4v

CVSS3: 8.2
github
почти 4 года назад

Server-side request forgery (SSRF) in Apache XmlGraphics Commons

EPSS

Процентиль: 40%
0.0018
Низкий

8.2 High

CVSS3