CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS
Percentile
61.8%
A user can do to an XML External Entity (XXE) attack with the provided SDL style.
Use version >= 3.24
No
If you have any questions or comments about this advisory Comment the pull request: https://github.com/mapfish/mapfish-print/pull/1397
Vendor | Product | Version | CPE |
---|---|---|---|
org.mapfish.print | print-standalone | * | cpe:2.3:a:org.mapfish.print:print-standalone:*:*:*:*:*:*:*:* |
org.mapfish.print | print-servlet | * | cpe:2.3:a:org.mapfish.print:print-servlet:*:*:*:*:*:*:*:* |
org.mapfish.print | print-lib | * | cpe:2.3:a:org.mapfish.print:print-lib:*:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS
Percentile
61.8%