Apache · Apache Xml Graphics · CVE-2024-28168
**Name of the Vulnerable Software and Affected Versions**
Apache XML Graphics FOP version 2.9
**Description**
The issue is related to an Improper Restriction of XML External Entity Reference, also known as an XXE vulnerability, in Apache XML Graphics FOP. This vulnerability is due to the improper restriction of XML External Entity references.
**Recommendations**
For Apache XML Graphics FOP version 2.9, upgrade to version 2.10, which fixes the issue.