2317557 – (CVE-2024-28168) CVE-2024-28168 fop: Improper Restriction of XML External Entity Reference ('XXE')

Bug 2317557 (CVE-2024-28168) - CVE-2024-28168 fop: Improper Restriction of XML External Entity Reference ('XXE')

Summary: CVE-2024-28168 fop: Improper Restriction of XML External Entity Reference ('X...

Keywords:
Status:	NEW
Alias:	CVE-2024-28168
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-10-09 12:20 UTC by OSIDB Bzimport
Modified:	2024-10-10 14:33 UTC (History)
CC List:	43 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in Apache XML Graphics FOP. This vulnerability allows remote attackers to cause issues via improper handling of XML External Entity (XXE) references.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-10-09 12:20:37 UTC

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.

This issue affects Apache XML Graphics FOP: 2.9.

Users are recommended to upgrade to version 2.10, which fixes the issue.

Note You need to log in before you can comment on or make changes to this bug.

adupliak
asoldano
bbaranow
bmaxwell
brian.stansberry
cdewolf
chazlett
cmiranda
darran.lofthouse
dhanak
dkreling
dosoudil
ecerquei
fjuma
fmariani
gmalinko
ibek
istudens
ivassile
iweiss
janstey
jpoth
jrokos
kverlaen
lgao
mnovotny
mosmerov
msochure
msvehla
nwallace
pcongius
pdelbell
pjindal
pmackay
porcelli
rguimara
rstancel
rstepani
saroy
smaestri
tcunning
tom.jenkinson
yfang