{"schema_version":"1.7.2","id":"OESA-2022-1649","modified":"2022-05-11T11:03:46Z","published":"2022-05-11T11:03:46Z","upstream":["CVE-2020-11988"],"summary":"xmlgraphics-commons security update","details":"Apache XML Graphics Commons is a library that consists of several reusable components used by Apache Batik and Apache FOP. Many of these components can easily be used separately outside the domains of SVG and XSL-FO. You will find components such as a PDF library, an RTF library, Graphics2D implementations that let you generate PDF and PostScript files, and much more. The Apache™ XML Graphics Commons project is part of the Apache™ Software Foundation, which is a wider community of users and developers of open source projects.\r\n\r\nSecurity Fix(es):\r\n\r\nApache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.(CVE-2020-11988)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"xmlgraphics-commons","purl":"pkg:rpm/openEuler/xmlgraphics-commons\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2-4.oe1"}]}],"ecosystem_specific":{"noarch":["xmlgraphics-commons-2.2-4.oe1.noarch.rpm"],"src":["xmlgraphics-commons-2.2-4.oe1.src.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"xmlgraphics-commons","purl":"pkg:rpm/openEuler/xmlgraphics-commons\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2-4.oe1"}]}],"ecosystem_specific":{"noarch":["xmlgraphics-commons-2.2-4.oe1.noarch.rpm"],"src":["xmlgraphics-commons-2.2-4.oe1.src.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS","name":"xmlgraphics-commons","purl":"pkg:rpm/openEuler/xmlgraphics-commons\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2-4.oe2203"}]}],"ecosystem_specific":{"noarch":["xmlgraphics-commons-2.2-4.oe2203.noarch.rpm"],"src":["xmlgraphics-commons-2.2-4.oe2203.src.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1649"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11988"}],"database_specific":{"severity":"High"}}