CVE Daily

CVE-2024-28168

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in A...

High CVSS 7.5

Overview

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.

This issue affects Apache XML Graphics FOP: 2.9.

Users are recommended to upgrade to version 2.10, which fixes the issue.

CWE: CWE-611 Published: 2024-10-09T12:15:02.850
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.5 (HIGH)
  • Detected tags: apache, xxe (tag impact: MODERATE)

Recommended actions:

  • Disable external entities in XML parsers; use safe libraries.

Recommended tools

Tags