CVE-2024-28168

CVE-2024-28168: Apache XML Graphics FOP: XML External Entity (XXE) Processing

Vendor Apache Software Foundation

Product Apache XML Graphics FOP

Weakness CWE-611 · XXE

Published October 9, 2024

Last update October 9, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue.

Key dates

Disclosure timeline

October 9, 2024 CVE published

October 9, 2024 Record updated