CVE-2020-11988

Summary

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.

Affected Software

VendorProductVersion RangeStatus
n/aApache XmlGraphics CommonsApache XmlGraphics Commons < 2.6affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References