CVSS: 9.8EPSS: 0%CPEs: 32EXPL: 0CVE-2019-0228
https://notcve.org/view.php?id=CVE-2019-0228
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. Apache PDFBox versión 2.0.14 no inicializa correctamente el analizador XML, lo que permite a los atacantes dependientes del contexto realizar ataques de Entidades Externas XML (XXE) por medio de un XFDF creado. • https://lists.apache.org/thread.html/1a3756557f8cb02790b7183ccf7665ae23f608a421c4f723113bca79%40%3Cusers.pdfbox.apache.org%3E https://lists.apache.org/thread.html/8a19bd6d43e359913341043c2a114f91f9e4ae170059539ad1f5673c%40%3Ccommits.tika.apache.org%3E https://lists.apache.org/thread.html/bc8db1bf459f1ad909da47350ed554ee745abe9f25f2b50cad4e06dd%40%3Cserver-dev.james.apache.org%3E https://lists.apache.org/thread.html/be86fcd7cd423a3fe6b73a3cb9d7cac0b619d0deb99e6b5d172c98f4%40%3Ccommits.tika.apache.org%3E https://lists.apache.org/thread.html/r0a2141abeddae66dd57025f1681c8425834062b7c0c7e0b1d830a95d&# • CWE-611: Improper Restriction of XML External Entity Reference •