Severity: moderate
Affected versions:
- Apache XML Graphics FOP 2.9
Description:
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in
Apache XML Graphics FOP.
This issue affects Apache XML Graphics FOP: 2.9.
Users are recommended to upgrade to version 2.10, which fixes the issue.
This issue is being tracked as FOP-3168
Credit:
c1gar of Shanxi Normal University (finder)
References:
https://xmlgraphics.apache.org/security.html
https://xmlgraphics.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-28168
https://issues.apache.org/jira/browse/FOP-3168
