AVG-254

Package fop
Status Fixed
Severity Medium
Type xml external entity injection
Affected 2.1-1
Fixed 2.2-1
Current 2.3-1 [community]
Ticket None
Created Mon Apr 24 14:35:22 2017
Issue Severity Remote Type Description
CVE-2017-5661 Medium Yes Xml external entity injection
Files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that...
Date Advisory Package Description
21 May 2017 ASA-201705-19 fop xml external entity injection
References
https://xmlgraphics.apache.org/security.html