PT-2020-14298 · Mapfish · Mapfish-Print

Sbrunner

Published

2020-07-07

Updated

2020-10-08

CVE-2020-15232

CVSS v3.1

9.3

Critical

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions mapfish-print versions prior to 3.24

Description The issue allows a user to perform an XML External Entity (XXE) attack using the provided SDL style. This can be exploited by manipulating the XML input to access unauthorized data or disrupt service.

Recommendations For versions prior to 3.24, update to version 3.24 or later to resolve the issue. As a temporary workaround, consider restricting the use of SDL styles to minimize the risk of exploitation.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2020-15232

GHSA-VJV6-GQ77-3MJW

Affected Products

Mapfish-Print

PT-2020-14298 · Mapfish · Mapfish-Print

CVE-2020-15232

Weakness Enumeration

Related Identifiers

Affected Products

References · 7