fop

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description XSL-FO implementation in Java.
Version 2.3-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-254 2.1-1 2.2-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2017-5661 AVG-254 Medium Yes Xml external entity injection
Files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that...

Advisories

Date Advisory Group Severity Description
21 May 2017 ASA-201705-19 AVG-254 Medium xml external entity injection