CVE-2020-11988
xmlgraphics-commons: SSRF due to improper input validation by the XMPParser
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 0
Exploited in Wild: -
Decision: -
Descriptions
Apache XmlGraphics Commons 2.4 and earlier are vulnerable to server-side request forgery (SSRF) caused by improper input validation in the XMPParser. By supplying a specially crafted argument, an attacker can cause the underlying server to issue arbitrary GET requests. Users should upgrade to 2.6 or later. The advisory names 2.6 as the fixed release and says nothing about 2.5, so treat anything below 2.6 as unpatched unless your distribution states otherwise. xmlgraphics-commons is usually pulled in transitively (Apache FOP and Apache Batik both depend on it), so check the resolved dependency tree rather than only directly declared versions.
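The description does not say how the XMPParser is induced to issue requests; the usual way an XML parser ends up fetching a URL is by resolving a DOCTYPE or external entity embedded in the input, so the hardening below targets that path. This is an added example, not code from xmlgraphics-commons or the fix shipped in 2.6: the class name `HardenedXmpParse`, the sample XMP packet and the metadata URL inside it are constructed for illustration, and the parser features are the standard SAX/Xerces feature URIs supported by the JDK's built-in parser.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

// Added example (not project code): parse an XMP packet with a SAX reader
// that cannot be driven into network requests by hostile input.
public class HardenedXmpParse {

    // Constructed sample: an XMP packet whose DTD declares an external entity
    // pointing at an internal address. A parser that resolves external
    // entities would issue a GET to that URL while parsing.
    static final String HOSTILE_XMP =
        "<?xpacket begin=\"\" id=\"W5M0MpCehiHzreSzNTczkc9d\"?>\n" +
        "<!DOCTYPE x:xmpmeta [\n" +
        "  <!ENTITY probe SYSTEM \"http://169.254.169.254/latest/meta-data/\">\n" +
        "]>\n" +
        "<x:xmpmeta xmlns:x=\"adobe:ns:meta/\">\n" +
        "  <rdf:RDF xmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\">\n" +
        "    <rdf:Description rdf:about=\"\" xmlns:dc=\"http://purl.org/dc/elements/1.1/\">\n" +
        "      <dc:title>&probe;</dc:title>\n" +
        "    </rdf:Description>\n" +
        "  </rdf:RDF>\n" +
        "</x:xmpmeta>\n" +
        "<?xpacket end=\"w\"?>";

    static XMLReader hardenedReader() throws ParserConfigurationException, SAXException {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        factory.setNamespaceAware(true);
        // Reject any DOCTYPE outright: XMP packets never legitimately carry one.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Belt and braces: no external general/parameter entities, no external DTD fetch.
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        SAXParser parser = factory.newSAXParser();
        XMLReader reader = parser.getXMLReader();
        // Second line of defence: whatever the feature flags do, every entity
        // reference resolves to an empty stream, so nothing is fetched.
        reader.setEntityResolver((publicId, systemId) -> new InputSource(new StringReader("")));
        return reader;
    }

    public static void main(String[] args) throws Exception {
        XMLReader reader = hardenedReader();
        reader.setContentHandler(new DefaultHandler());
        try {
            reader.parse(new InputSource(new StringReader(HOSTILE_XMP)));
            System.out.println("parsed without error (unexpected for this input)");
        } catch (SAXException e) {
            // Expected: the DOCTYPE is rejected before any entity could be resolved.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Compile with `javac HardenedXmpParse.java` and run with `java HardenedXmpParse`; the reader rejects the packet at the DOCTYPE, so the entity is never resolved and no request is made. Setting the feature flags on the factory rather than on each reader keeps the hardened configuration in one place, and the empty `EntityResolver` covers implementations that accept the flags but still consult a resolver.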
CVSS Scores
SSVC
- Decision: -
Timeline
- 2020-04-21 CVE Reserved
- 2021-02-24 CVE Published
- 2023-11-10 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (10)
URL | Date | SRC
---|---|---
https://www.oracle.com//security-alerts/cpujul2021.html | 2023-11-07 |
https://www.oracle.com/security-alerts/cpuoct2021.html | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Apache | Xmlgraphics Commons | <= 2.4 | - | Affected
Fedoraproject | Fedora | 33 | - | Affected
Fedoraproject | Fedora | 34 | - | Affected