Server-Side Request Forgery Vulnerability in Apache XmlGraphics Commons 2.4 and Earlier
CVE-2020-11988 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.
Learn more about our Cis Benchmark Audit For Server Software.