GHSA-vjv6-gq77-3mjw

Source

https://github.com/advisories/GHSA-vjv6-gq77-3mjw

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/07/GHSA-vjv6-gq77-3mjw/GHSA-vjv6-gq77-3mjw.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-vjv6-gq77-3mjw

Aliases

CVE-2020-15232

Published

2020-07-07T16:32:45Z

Modified

2024-02-16T08:21:22.876757Z

Severity

9.3 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVSS Calculator

Summary

XXE attack in Mapfish Print

Details

Impact

A user can do to an XML External Entity (XXE) attack with the provided SDL style.

Patches

Use version >= 3.24

Workarounds

References

https://cwe.mitre.org/data/definitions/611.html
https://github.com/mapfish/mapfish-print/pull/1397/commits/e1d0527d13db06b2b62ca7d6afb9e97dacd67a0e

For more information

If you have any questions or comments about this advisory Comment the pull request: https://github.com/mapfish/mapfish-print/pull/1397

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-611"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2020-07-07T16:32:20Z"
}

References

Affected packages

Maven / org.mapfish.print:print-lib

Package

Name: org.mapfish.print:print-lib; View open source insights on deps.dev
Purl: pkg:maven/org.mapfish.print/print-lib

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0

Fixed

3.24

Affected versions

3.*

3.0

3.1.0

3.1.1

3.1.2

3.2.0

3.3.0

3.4.0

3.5.0

3.6.0

3.7.0

3.8.0

3.9.0

3.10.0

3.10.1

3.10.2

3.10.3

3.10.4

3.10.5

3.10.6

3.10.7

3.10.8

3.11.0

3.11.1

3.11.2

3.11.3

3.12.0

3.12.1

3.13.0

3.14.0

3.14.1

3.15.0

3.16.0

3.16.1

3.16.2

3.17.0

3.18.0

3.18.1

3.18.2

3.18.3

3.18.4

3.19.0

3.20.0

3.20.1

3.20.2

3.20.3

3.21.0

3.22.0

Maven / org.mapfish.print:print-servlet

Package

Name: org.mapfish.print:print-servlet; View open source insights on deps.dev
Purl: pkg:maven/org.mapfish.print/print-servlet

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0

Fixed

3.24

Affected versions

3.*

3.0

3.1.0

3.1.1

3.1.2

3.2.0

3.3.0

3.4.0

3.5.0

3.6.0

3.7.0

3.8.0

3.9.0

3.10.0

3.10.1

3.10.2

3.10.3

3.10.4

3.10.5

3.10.6

3.10.7

3.10.8

3.11.0

3.11.1

3.11.2

3.11.3

3.12.0

3.12.1

3.13.0

3.14.0

3.14.1

3.15.0

3.16.0

3.16.1

3.16.2

3.17.0

3.18.0

3.18.1

3.18.2

3.18.3

3.18.4

3.19.0

3.20.0

3.20.1

3.20.2

3.20.3

3.21.0

3.22.0

Maven / org.mapfish.print:print-standalone

Package

Name: org.mapfish.print:print-standalone; View open source insights on deps.dev
Purl: pkg:maven/org.mapfish.print/print-standalone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0

Fixed

3.24

Affected versions

3.*

3.18.3

3.18.4

3.19.0

3.20.0

3.20.1

3.20.2

3.20.3

3.21.0

3.22.0