CVE-2020-11988 - log back

CVE-2020-11988 edited at 24 Feb 2021 14:28:06
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Url request injection
Description
+ The Apache XML Graphics Commons library before version 2.6 is vulnerable to server-side request forgery (SSRF) via the XMPParser that allow an attacker to cause the underlying server to make arbitrary GET requests.
References
+ https://www.openwall.com/lists/oss-security/2021/02/24/1
+ https://xmlgraphics.apache.org/security.html
+ https://issues.apache.org/jira/browse/XGC-122
+ https://svn.apache.org/viewvc?view=revision&revision=1878394
Notes
CVE-2020-11988 created at 24 Feb 2021 14:25:30