https://bugzilla.redhat.com/show_bug.cgi?id=1933816
Bug ID: 1933816
Summary: CVE-2020-11988 xmlgraphics-commons: SSRF due to
improper input validation by the XMPParser
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: aileenc(a)redhat.com, akoufoud(a)redhat.com,
akurtako(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, andjrobins(a)gmail.com,
anstephe(a)redhat.com, bibryam(a)redhat.com,
chazlett(a)redhat.com, dbhole(a)redhat.com,
drieden(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
etirelli(a)redhat.com, ganandan(a)redhat.com,
ggaughan(a)redhat.com, gmalinko(a)redhat.com,
hbraun(a)redhat.com, ibek(a)redhat.com,
janstey(a)redhat.com, java-maint(a)redhat.com,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
jkang(a)redhat.com, jochrist(a)redhat.com,
jstastny(a)redhat.com, jwon(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
mcermak(a)redhat.com, mizdebsk(a)redhat.com,
mnovotny(a)redhat.com, mprchlik(a)redhat.com,
pantinor(a)redhat.com, patrickm(a)redhat.com,
pjindal(a)redhat.com, rgrunber(a)redhat.com,
rlandman(a)redhat.com, rrajasek(a)redhat.com,
rsynek(a)redhat.com, sdaley(a)redhat.com,
vkadlcik(a)redhat.com
Target Milestone: ---
Classification: Other
Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery (SSRF),
caused by improper input validation by the XMPParser, the class that parses XMP
metadata packets. By supplying a specially crafted argument, an attacker could exploit
this vulnerability to cause the underlying server to make arbitrary GET requests,
including to hosts that are reachable only from the server. Until a fixed build is
deployed, XMP metadata that originates from untrusted input (for example metadata
embedded in files handed to xmlgraphics-commons by a dependent application) has to be
treated as an SSRF vector.
References:
https://xmlgraphics.apache.org/security.html
https://www.openwall.com/lists/oss-security/2021/02/24/1