CVE-2020-11988

 

Published at: - 24-02-2021 07:15

Last modified: - 22-04-2022 08:54

Total changes: - 13

Description

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

 

Verification logic

 

Reference

• https://xmlgraphics.apache.org/security.html
• [poi-dev] 20210304 [Bug 65166] New: Apache Batik 1.13 vulnerabilities (CVE-2020-11987, CVE-2020-11988)-Mailing List, Vendor Advisory
• [jmeter-dev] 20210305 [GitHub] [jmeter] sseide opened a new pull request #648: update xmlgraphics-commons to 2.6 (from 2.3)-Mailing List, Vendor Advisory
• [poi-dev] 20210308 [Bug 65166] Apache Batik 1.13 vulnerabilities (CVE-2020-11987, CVE-2020-11988)-Mailing List, Vendor Advisory
• FEDORA-2021-aa2936e810-Mailing List, Third Party Advisory
• FEDORA-2021-c07a9e79cf-Mailing List, Third Party Advisory
• N/A-Patch, Third Party Advisory
• https://www.oracle.com/security-alerts/cpuoct2021.html

 

Keywords

NVD

 

CVE-2020-11988

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures