CVE-2020-11988
Public on 2021-02-24
Modified on 2024-01-30
Description
Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | xmlgraphics-commons | No Fix Planned | ||
| Amazon Linux 2 - Core | xmlgraphics-commons | 2024-01-03 | ALAS2-2024-2411 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 8.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
| NVD | CVSSv2 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| NVD | CVSSv3 | 8.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |