CVE-2020-11988
Published: Feb 24, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.
| Vendor | Product | Versions |
|---|---|---|
| n/a | Apache XmlGraphics Commons | affected Apache XmlGraphics Commons - < 2.6 |
References
https://xmlgraphics.apache.org/security.html
x_refsource_MISC
[poi-dev] 20210304 [Bug 65166] New: Apache Batik 1.13 vulnerabilities (CVE-2020-11987, CVE-2020-11988)
mailing-list
x_refsource_MLIST
[poi-dev] 20210308 [Bug 65166] Apache Batik 1.13 vulnerabilities (CVE-2020-11987, CVE-2020-11988)
mailing-list
x_refsource_MLIST
FEDORA-2021-aa2936e810
vendor-advisory
x_refsource_FEDORA
FEDORA-2021-c07a9e79cf
vendor-advisory
x_refsource_FEDORA
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC