Vulnerability

CVE-2020-11988

 Report advisory or correction

CVSS Score 8.2 high

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-20

References

https://issues.apache.org/jira/browse/XGC-122
https://xmlgraphics.apache.org/security.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11988

[CVE-2020-11988] CWE-20: Improper Input Validation

Description

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.

See org.apache.xmlgraphics/xmlgraphics-commons package information