Server-Side Request Forgery Vulnerability in Apache XmlGraphics Commons 2.4 and Earlier

Server-Side Request Forgery Vulnerability in Apache XmlGraphics Commons 2.4 and Earlier

CVE-2020-11988 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.

Learn more about our Cis Benchmark Audit For Server Software.