Server-side Request Forgery (SSRF) Affecting org.apache.xmlgraphics:xmlgraphics-commons Open this link in a new tab package, versions [,2.6)

Attack Complexity

Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-JAVA-ORGAPACHEXMLGRAPHICS-1079038
published

25 Feb 2021
disclosed

25 Feb 2021
credit

Unknown

Report a new vulnerability Found a mistake?

Introduced: 25 Feb 2021

CVE-2020-11988 Open this link in a new tab CWE-918 Open this link in a new tab

How to fix?

Upgrade org.apache.xmlgraphics:xmlgraphics-commons to version 2.6 or higher.

Overview

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). This SSRF vulnerability is caused by improper input validation in the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

References

Apache Security Advisory

Server-side Request Forgery (SSRF) Affecting org.apache.xmlgraphics:xmlgraphics-commons Open this link in a new tab package, versions [,2.6)

Attack Complexity

snyk-id

published

disclosed

credit

Introduced: 25 Feb 2021

How to fix?

Overview

References