CVE-2024-28168: Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability

October 9, 2024 (updated October 11, 2024)

Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability in Apache XML Graphics FOP.

This issue affects Apache XML Graphics FOP: 2.9.

Users are recommended to upgrade to version 2.10, which fixes the issue.

References

github.com/advisories/GHSA-jqfv-jrvq-95jm
github.com/apache/xmlgraphics-fop
github.com/apache/xmlgraphics-fop/commit/d96ba9a11710d02716b6f4f6107ebfa9ccec7134
issues.apache.org/jira/browse/FOP-3168
nvd.nist.gov/vuln/detail/CVE-2024-28168
xmlgraphics.apache.org/security.html

Code Behaviors & Features

Detect and mitigate CVE-2024-28168 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →