add cve for Apache XML Graphics FOP

Signed-off-by: Weston Steimel <[email protected]>
anchore · Oct 11, 2024 · a817304 · a817304
1 parent ef582d8
commit a817304
Showing 1 changed file with 48 additions and 0 deletions.
diff --git a/data/anchore/2024/CVE-2024-28168.json b/data/anchore/2024/CVE-2024-28168.json
@@ -0,0 +1,48 @@
+{
+  "additionalMetadata": {
+    "cna": "apache",
+    "cveId": "CVE-2024-28168",
+    "description": "Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.\n\nThis issue affects Apache XML Graphics FOP: 2.9.\n\nUsers are recommended to upgrade to version 2.10, which fixes the issue.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://xmlgraphics.apache.org/security.html"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:org.apache.xmlgraphics:fop-core:*:*:*:*:*:*:*:*"
+        ],
+        "packageName": "org.apache.xmlgraphics:fop-core",
+        "packageType": "maven",
+        "product": "Apache XML Graphics FOP",
+        "repo": "https://github.com/apache/xmlgraphics-fop",
+        "vendor": "Apache Software Foundation",
+        "versions": [
+          {
+            "lessThan": "2.10",
+            "status": "affected",
+            "version": "2.9",
+            "versionType": "semver"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    },
+    "references": [
+      {
+        "url": "https://www.openwall.com/lists/oss-security/2024/10/09/1"
+      },
+      {
+        "url": "https://issues.apache.org/jira/browse/FOP-3168"
+      },
+      {
+        "url": "https://github.com/apache/xmlgraphics-fop/commit/d96ba9a11710d02716b6f4f6107ebfa9ccec7134"
+      }
+    ]
+  }
+}