ALT-PU-2021-4961-1

Package update xmlgraphics-commons in branch sisyphus

Version2.6-alt1_1jpp11

Published2021-06-11

Max severityHIGH

Severity:

Closed issues (3)

HIGH8.2

Уязвимость программного обеспечения для преобразования XML форматов xmlgraphics-commons, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

Published: 2022-01-17Modified: 2022-10-17

CVSS 3.xHIGH 8.2

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N

References

CVE-2020-11988

HIGH8.2

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.

Published: 2021-02-24Modified: 2024-11-21

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS 3.xHIGH 8.2

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

References

GHSA-fmj2-7wx8-qj4v

HIGH8.2

Server-side request forgery (SSRF) in Apache XmlGraphics Commons

Published: 2022-02-09Modified: 2022-01-06

CVSS 3.xHIGH 8.2

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

References