Description

In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

Remediation

References

https://xmlgraphics.apache.org/security.html

http://www.securityfocus.com/bid/97947

http://www.debian.org/security/2017/dsa-3864

https://www.tenable.com/security/tns-2021-14

Related Vulnerabilities

CVE-2019-13506 Vulnerability in npm package @nuxtjs/devalue

CVE-2020-36189 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2023-5571 Vulnerability in npm package @vrite/sdk

CVE-2020-4038 Vulnerability in maven package org.webjars.npm:graphql-playground-html

CVE-2023-38889 Vulnerability in maven package org.alluxio:alluxio-parent

Severity

High

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

Tags

Patch Vendor Advisory