PT-2024-22312 · Apache+2 · Apache Xml Graphics+2

C1Gar · Published 2024-10-09 · Updated 2025-07-16 · CVE-2024-28168

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache XML Graphics FOP version 2.9

Description

Apache XML Graphics FOP improperly restricts XML External Entity references, a weakness known as an XXE vulnerability.

Recommendations

For Apache XML Graphics FOP version 2.9, upgrade to version 2.10, which fixes the issue.

Fix

XXE

Weakness Enumeration

Related Identifiers

BDU:2025-06619
CVE-2024-28168
GHSA-JQFV-JRVQ-95JM
OESA-2024-2243
OPENSUSE-SU-2024:14398-1
OPENSUSE-SU-2024_4054-1
SUSE-SU-2024:4054-1
SUSE-SU-2024_4054-1

Affected Products

Apache Xml Graphics
Debian
Suse