Moderate severityNVD Advisory· Published Oct 9, 2024· Updated Oct 9, 2024
Apache XML Graphics FOP: XML External Entity (XXE) Processing
CVE-2024-28168
Description
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.
This issue affects Apache XML Graphics FOP: 2.9.
Users are recommended to upgrade to version 2.10, which fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.xmlgraphics:fop-coreMaven | < 2.10 | 2.10 |
Affected products
83- ghsa-coords82 versionspkg:maven/org.apache.xmlgraphics/fop-corepkg:rpm/opensuse/javapackages-tools&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/javapackages-tools&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/javapackages-tools-extras&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/javapackages-tools-extras&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/xmlgraphics-batik&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/xmlgraphics-batik&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/xmlgraphics-commons&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/xmlgraphics-commons&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/xmlgraphics-fop&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/xmlgraphics-fop&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/xmlgraphics-fop&distro=openSUSE%20Tumbleweedpkg:rpm/suse/javapackages-tools&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/javapackages-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/javapackages-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/javapackages-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/javapackages-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/javapackages-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/javapackages-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/javapackages-tools&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/javapackages-tools&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/javapackages-tools&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/javapackages-tools&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/javapackages-tools&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/javapackages-tools&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/javapackages-tools&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/javapackages-tools&distro=SUSE%20Manager%20Server%204.3pkg:rpm/suse/javapackages-tools-extras&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/javapackages-tools-extras&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/javapackages-tools-extras&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/javapackages-tools-extras&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/javapackages-tools-extras&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/javapackages-tools-extras&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/javapackages-tools-extras&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/javapackages-tools-extras&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/javapackages-tools-extras&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/javapackages-tools-extras&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/javapackages-tools-extras&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/javapackages-tools-extras&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/javapackages-tools-extras&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/javapackages-tools-extras&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/javapackages-tools-extras&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/javapackages-tools-extras&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/javapackages-tools-extras&distro=SUSE%20Manager%20Server%204.3pkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/xmlgraphics-commons&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/xmlgraphics-commons&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/xmlgraphics-commons&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/xmlgraphics-commons&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/xmlgraphics-commons&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/xmlgraphics-commons&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/xmlgraphics-commons&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/xmlgraphics-commons&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/xmlgraphics-commons&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/xmlgraphics-commons&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/xmlgraphics-commons&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/xmlgraphics-commons&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/xmlgraphics-commons&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/xmlgraphics-fop&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/xmlgraphics-fop&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/xmlgraphics-fop&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/xmlgraphics-fop&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/xmlgraphics-fop&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/xmlgraphics-fop&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/xmlgraphics-fop&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/xmlgraphics-fop&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/xmlgraphics-fop&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/xmlgraphics-fop&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/xmlgraphics-fop&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/xmlgraphics-fop&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
< 2.10+ 81 more
- (no CPE)range: < 2.10
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 1.18-150200.4.10.2
- (no CPE)range: < 1.18-150200.4.10.2
- (no CPE)range: < 2.10-150200.3.10.2
- (no CPE)range: < 2.10-150200.3.10.2
- (no CPE)range: < 2.10-150200.13.10.1
- (no CPE)range: < 2.10-150200.13.10.1
- (no CPE)range: < 2.10-1.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 6.3.4-150200.3.15.1
- (no CPE)range: < 1.18-150200.4.10.2
- (no CPE)range: < 1.18-150200.4.10.2
- (no CPE)range: < 1.18-150200.4.10.2
- (no CPE)range: < 1.18-150200.4.10.2
- (no CPE)range: < 1.18-150200.4.10.2
- (no CPE)range: < 1.18-150200.4.10.2
- (no CPE)range: < 1.18-150200.4.10.2
- (no CPE)range: < 1.18-150200.4.10.2
- (no CPE)range: < 1.18-150200.4.10.2
- (no CPE)range: < 1.18-150200.4.10.2
- (no CPE)range: < 1.18-150200.4.10.2
- (no CPE)range: < 1.18-150200.4.10.2
- (no CPE)range: < 1.18-150200.4.10.2
- (no CPE)range: < 2.10-150200.3.10.2
- (no CPE)range: < 2.10-150200.3.10.2
- (no CPE)range: < 2.10-150200.3.10.2
- (no CPE)range: < 2.10-150200.3.10.2
- (no CPE)range: < 2.10-150200.3.10.2
- (no CPE)range: < 2.10-150200.3.10.2
- (no CPE)range: < 2.10-150200.3.10.2
- (no CPE)range: < 2.10-150200.3.10.2
- (no CPE)range: < 2.10-150200.3.10.2
- (no CPE)range: < 2.10-150200.3.10.2
- (no CPE)range: < 2.10-150200.3.10.2
- (no CPE)range: < 2.10-150200.3.10.2
- (no CPE)range: < 2.10-150200.3.10.2
- (no CPE)range: < 2.10-150200.13.10.1
- (no CPE)range: < 2.10-150200.13.10.1
- (no CPE)range: < 2.10-150200.13.10.1
- (no CPE)range: < 2.10-150200.13.10.1
- (no CPE)range: < 2.10-150200.13.10.1
- (no CPE)range: < 2.10-150200.13.10.1
- (no CPE)range: < 2.10-150200.13.10.1
- (no CPE)range: < 2.10-150200.13.10.1
- (no CPE)range: < 2.10-150200.13.10.1
- (no CPE)range: < 2.10-150200.13.10.1
- (no CPE)range: < 2.10-150200.13.10.1
- (no CPE)range: < 2.10-150200.13.10.1
- Range: 2.9
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-jqfv-jrvq-95jmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-28168ghsaADVISORY
- xmlgraphics.apache.org/security.htmlghsavendor-advisoryWEB
- www.openwall.com/lists/oss-security/2024/10/09/1ghsaWEB
- github.com/apache/xmlgraphics-fop/commit/d96ba9a11710d02716b6f4f6107ebfa9ccec7134ghsaWEB
- issues.apache.org/jira/browse/FOP-3168ghsaWEB
News mentions
0No linked articles in our index yet.