[java-sig-commits] [Bug 1699740] CVE-2019-0228 pdfbox: XML External Entity (XXE) attacks via a crafted XFDF

Thursday, 16 May 2019

https://bugzilla.redhat.com/show_bug.cgi?id=1699740

Joshua Padman <jpadman(a)redhat.com&gt; changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
                   |0412,reported=20190412,sour |0412,reported=20190412,sour
                   |ce=oss-security,cvss3=5.9/C |ce=oss-security,cvss3=5.9/C
                   |VSS:3.0/AV:L/AC:L/PR:N/UI:N |VSS:3.0/AV:L/AC:L/PR:N/UI:N
                   |/S:U/C:L/I:L/A:L,cwe=CWE-61 |/S:U/C:L/I:L/A:L,cwe=CWE-61
                   |1,fedora-all/pdfbox=affecte |1,fedora-all/pdfbox=affecte
                   |d,fsw-6/pdfbox=affected,fus |d,fsw-6/pdfbox=new,fuse-6/p
                   |e-6/pdfox=affected,fuse-7/p |dfox=new,fuse-7/pdfbox=affe
                   |dfbox=affected              |cted

--- Comment #2 from Joshua Padman <jpadman(a)redhat.com&gt; ---
This vulnerability is out of security support scope for the following products:
 * Red Hat JBoss Fuse Service Works 6
 * Red Hat JBoss Fuse 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes
for more details.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[java-sig-commits] [Bug 1699740] CVE-2019-0228 pdfbox: XML External Entity (XXE) attacks via a crafted XFDF