GitHub Advisory DatabaseGHSA-VJV6-GQ77-3MJWXXE attack in Mapfish Print
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS
Percentile
61.8%
Impact
A user can do to an XML External Entity (XXE) attack with the provided SDL style.
Patches
Use version >= 3.24
Workarounds
No
References
- https://cwe.mitre.org/data/definitions/611.html
- https://github.com/mapfish/mapfish-print/pull/1397/commits/e1d0527d13db06b2b62ca7d6afb9e97dacd67a0e
For more information
If you have any questions or comments about this advisory Comment the pull request: https://github.com/mapfish/mapfish-print/pull/1397
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.mapfish.print | print-standalone | * | cpe:2.3:a:org.mapfish.print:print-standalone:*:*:*:*:*:*:*:* |
| org.mapfish.print | print-servlet | * | cpe:2.3:a:org.mapfish.print:print-servlet:*:*:*:*:*:*:*:* |
| org.mapfish.print | print-lib | * | cpe:2.3:a:org.mapfish.print:print-lib:*:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS
Percentile
61.8%