| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Url request injection |
|
| Description |
| + |
The Apache XML Graphics Commons library before version 2.6 is vulnerable to server-side request forgery (SSRF) via the XMPParser that allow an attacker to cause the underlying server to make arbitrary GET requests. |
|
| References |
| + |
https://www.openwall.com/lists/oss-security/2021/02/24/1 |
| + |
https://xmlgraphics.apache.org/security.html |
| + |
https://issues.apache.org/jira/browse/XGC-122 |
| + |
https://svn.apache.org/viewvc?view=revision&revision=1878394 |
|
| Notes |
|