CVE-2017-9096 (High) detected in itextpdf-5.5.10.jar #24
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2017-9096 - High Severity Vulnerability
A Free Java-PDF library
Library home page: http:https://itextpdf.com
Path to dependency file: Websocket-Smart-Card-Signer/pom.xml
Path to vulnerable library: 20210223130700_TYMBKW/downloadResource_MYVJAY/20210223130710/itextpdf-5.5.10.jar
Dependency Hierarchy:
Found in HEAD commit: 52e62821fe1c04f561516a02e367c9391f940eef
Found in base branch: master
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
Publish Date: 2017-11-08
URL: CVE-2017-9096
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9096
Release Date: 2017-11-08
Fix Resolution: 5.5.12,7.0.3
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: