DEBIAN-CVE-2020-11988

DEBIAN-CVE-2020-11988 PUBLISHED CVSS 8.199999809265137 HIGH

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.

Risk Scores

CVSS v3.1

8.199999809265137

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:12	xmlgraphics-commons	0, 0, 0
Debian:13	xmlgraphics-commons	0, 0, 0
Debian:14	xmlgraphics-commons	0, 0, 0
Debian:11	xmlgraphics-commons	0, 0, 2.4-1

Timeline

Feb 24, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-11988 advisory

Open in Interactive Console →