OESA-2022-1649
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1649
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2022-1649.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2022-1649
- Upstream
- Published
- 2022-05-11T11:03:46Z
- Modified
- 2025-09-03T06:16:56.912782Z
- Summary
- xmlgraphics-commons security update
- Details
-
Apache XML Graphics Commons is a library that consists of several reusable components used by Apache Batik and Apache FOP. Many of these components can easily be used separately outside the domains of SVG and XSL-FO. You will find components such as a PDF library, an RTF library, Graphics2D implementations that let you generate PDF and PostScript files, and much more. The Apache™ XML Graphics Commons project is part of the Apache™ Software Foundation, which is a wider community of users and developers of open source projects.
Security Fix(es):
Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.(CVE-2020-11988)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:20.03-LTS-SP1 / xmlgraphics-commons
Package
- Name
- xmlgraphics-commons
- Purl
- pkg:rpm/openEuler/xmlgraphics-commons&distro=openEuler-20.03-LTS-SP1
openEuler:20.03-LTS-SP3 / xmlgraphics-commons
Package
- Name
- xmlgraphics-commons
- Purl
- pkg:rpm/openEuler/xmlgraphics-commons&distro=openEuler-20.03-LTS-SP3