pdfbox-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Lehmkuehler <le...@apache.org>
Subject [SECURITY] CVE-2019-0228 Apache PDFBox XML External Entity vulnerability
Date Fri, 12 Apr 2019 04:43:44 GMT
CVE-2019-0228: Apache PDFBox XML External Entity vulnerability

Severity: Important

The Apache Software Foundation

Versions Affected:
Apache PDFBox 2.0.14

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows 
context-dependent attackers to conduct XML External Entity (XXE) attacks via a 
crafted XFDF.

Upgrade to Apache PDFBox 2.0.15

This issue was discovered by Kurt Boberg from DocuSign

[1] https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing

To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: users-help@pdfbox.apache.org

View raw message