Back to search
CVE-2019-0228
Published: Apr 17, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
| Vendor | Product | Versions |
|---|---|---|
n/a | Apache PDFBox | affected Apache PDFBox 2.0.14 |
References
[james-server-dev] 20190708 [jira] [Created] (JAMES-2819) Upgrade pdfbox following CVE-2019-0228
mailing-list
x_refsource_MLIST
FEDORA-2019-9e91afa2be
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-6fa01d12b4
vendor-advisory
x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
[james-server-dev] 20200618 [jira] [Closed] (JAMES-2819) Upgrade pdfbox following CVE-2019-0228
mailing-list
x_refsource_MLIST
[pdfbox-users] 20210120 Security Vulnerability with PDFbox 1.8.16
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.html
x_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now