Description
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.
This issue affects Apache XML Graphics FOP: 2.9.
Users are recommended to upgrade to version 2.10, which fixes the issue.
A flaw was found in Apache XML Graphics FOP. A remote attacker who can supply XML input to the affected component may trigger XML External Entity (XXE) processing, which can expose local files or reach internal network services.
Statement
The XXE vulnerability in Apache XML Graphics FOP is rated Important rather than Moderate because it can compromise the confidentiality, integrity, and availability of a system. XXE flaws can be exploited to read sensitive local files, such as configuration or credential files, exposing data without authorization. XXE may also enable server-side request forgery (SSRF), letting an attacker issue unauthorized requests to internal systems or services and potentially pivot within the network. Red Hat build of Apache Camel for Spring Boot ships the affected component, but it is not a supported library, hence the Will not fix state.
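The file-read and SSRF outcomes described above both depend on the XML parser resolving a DOCTYPE-declared external entity. The following Java example is added here to illustrate that; it is not code from Apache FOP or from Red Hat. It parses a constructed XSL-FO document carrying an external entity once with a stock JAXP SAX reader and once with a reader hardened against XXE. The FO document, the `leak` entity and the `file:///etc/hostname` target are assumptions chosen only for illustration. It demonstrates the general defense for XML the calling application parses itself before handing it to FOP; it does not patch FOP's own internal parsing, so it is not a substitute for upgrading to 2.10.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

public class FopXxeHardening {

    static final String FO_NS = "http://www.w3.org/1999/XSL/Format";

    // Constructed hostile XSL-FO input (hypothetical, not taken from the advisory).
    // The DOCTYPE declares an external entity pointing at a local file; the path is a
    // placeholder chosen only because it exists on most Linux hosts.
    static final String HOSTILE_FO = String.join("\n",
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>",
        "<!DOCTYPE fo:root [",
        "  <!ENTITY leak SYSTEM \"file:///etc/hostname\">",
        "]>",
        "<fo:root xmlns:fo=\"" + FO_NS + "\">",
        "  <fo:layout-master-set>",
        "    <fo:simple-page-master master-name=\"p\"/>",
        "  </fo:layout-master-set>",
        "  <fo:page-sequence master-reference=\"p\">",
        "    <fo:flow flow-name=\"xsl-region-body\">",
        "      <fo:block>&leak;</fo:block>",
        "    </fo:flow>",
        "  </fo:page-sequence>",
        "</fo:root>");

    /** Stock JAXP reader: DOCTYPE allowed and external entities resolved (XXE-prone). */
    static XMLReader defaultReader() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setNamespaceAware(true);
        return f.newSAXParser().getXMLReader();
    }

    /** Hardened reader: rejects any DOCTYPE, so no entity can be declared at all,
     *  and disables external entity resolution as a second layer. */
    static XMLReader hardenedReader() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setNamespaceAware(true);
        f.setXIncludeAware(false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        XMLReader r = f.newSAXParser().getXMLReader();
        // Third layer: if an entity is ever resolved, resolve it to an empty document.
        r.setEntityResolver((publicId, systemId) -> new InputSource(new StringReader("")));
        return r;
    }

    /** Collects the text of every fo:block, which is where the entity would expand. */
    static String blockText(XMLReader reader, String fo) throws Exception {
        StringBuilder out = new StringBuilder();
        reader.setContentHandler(new DefaultHandler() {
            boolean inBlock;
            @Override public void startElement(String uri, String local, String q, Attributes a) {
                if (FO_NS.equals(uri) && "block".equals(local)) inBlock = true;
            }
            @Override public void endElement(String uri, String local, String q) {
                if (FO_NS.equals(uri) && "block".equals(local)) inBlock = false;
            }
            @Override public void characters(char[] ch, int start, int len) {
                if (inBlock) out.append(ch, start, len);
            }
        });
        reader.parse(new InputSource(new StringReader(fo)));
        return out.toString().trim();
    }

    public static void main(String[] args) throws Exception {
        try {
            // With the stock reader the block text becomes the contents of the target file.
            System.out.println("default reader expanded entity to: '"
                + blockText(defaultReader(), HOSTILE_FO) + "'");
        } catch (SAXException | IOException e) {
            System.out.println("default reader failed (target file missing?): " + e.getMessage());
        }
        try {
            blockText(hardenedReader(), HOSTILE_FO);
            System.out.println("hardened reader accepted the input (unexpected)");
        } catch (SAXException e) {
            // disallow-doctype-decl makes the parser reject the document outright.
            System.out.println("hardened reader rejected the input: " + e.getMessage());
        }
    }
}
```

In the usual FOP embedding pattern the hardened reader is wrapped as `new SAXSource(reader, inputSource)` and transformed into `new SAXResult(fop.getDefaultHandler())`, so the entity never reaches the formatter. Because FOP 2.9 itself is the affected component, that hardening only protects the caller's own parse; the fix the advisory recommends remains the upgrade to 2.10.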
Mitigation
Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria, comprising ease of use and deployment, applicability to a widespread installation base, or stability.
Affected Packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat build of Apache Camel for Spring Boot 3 | org.apache.xmlgraphics/fop | Not affected | | |
Red Hat build of Apache Camel for Spring Boot 4 | org.apache.xmlgraphics/fop | Not affected | | |
Red Hat build of OptaPlanner 8 | org.apache.xmlgraphics/fop | Not affected | | |
Red Hat Fuse 7 | org.apache.xmlgraphics/fop | Will not fix | | |
Red Hat Integration Camel K 1 | org.apache.xmlgraphics/fop | Will not fix | | |
Red Hat JBoss Data Grid 7 | org.apache.xmlgraphics/fop | Not affected | | |
Red Hat JBoss Enterprise Application Platform 7 | org.apache.xmlgraphics/fop | Not affected | | |
Red Hat JBoss Enterprise Application Platform 8 | org.apache.xmlgraphics/fop | Not affected | | |
Red Hat JBoss Enterprise Application Platform Expansion Pack | org.apache.xmlgraphics/fop | Not affected | | |
Red Hat Process Automation 7 | org.apache.xmlgraphics/fop | Not affected | | |
Additional information
CVSS3: 7.5 High
Related vulnerabilities
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue.
Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability