CVE-2017-9096¶

Data: 2023-06-15

Severity: High

CVSS Score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Riferimenti: https://nvd.nist.gov/vuln/detail/CVE-2017-9096

Libreria: com.lowagie:itext < 5.5.12

Descrizione

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.

GovWay

Versione affette: <= 3.3.12

Risoluzione: 3.3.13