Sbrunner

**Name of the Vulnerable Software and Affected Versions** Mapfish Print versions prior to 3.28.28 Mapfish Print versions prior to 3.30.30 Mapfish Print versions prior to 3.31.21 Mapfish Print versions prior to 3.33.14 Mapfish Print versions prior to 4.0.3 **Description** A critical flaw in dynamic table generation allows unauthenticated attackers to supply crafted external inputs that are improperly neutralized and executed as system code. This enables remote code execution (RCE), which is the ability to run arbitrary commands on a target machine, granting attackers full control over the compromised server. **Recommendations** Upgrade to version 3.28.28. Upgrade to version 3.30.30. Upgrade to version 3.31.21. Upgrade to version 3.33.14. Upgrade to version 4.0.3.

**Name of the Vulnerable Software and Affected Versions** mapfish-print versions prior to 3.24 **Description** The issue allows a user to perform a Cross-site scripting attack using the JSONP support. **Recommendations** For versions prior to 3.24, use version 3.24 or later to resolve the issue. As a temporary workaround, consider disabling the JSONP support until a patch is available.

**Name of the Vulnerable Software and Affected Versions** mapfish-print versions prior to 3.24 **Description** The issue allows a user to perform an XML External Entity (XXE) attack using the provided SDL style. This can be exploited by manipulating the XML input to access unauthorized data or disrupt service. **Recommendations** For versions prior to 3.24, update to version 3.24 or later to resolve the issue. As a temporary workaround, consider restricting the use of SDL styles to minimize the risk of exploitation.