From a817304c4c065a9256a9c259bb3038b9866c8405 Mon Sep 17 00:00:00 2001
From: Weston Steimel
Date: Fri, 11 Oct 2024 13:51:13 +0100
Subject: [PATCH] add cve for Apache XML Graphics FOP
Signed-off-by: Weston Steimel
---
 data/anchore/2024/CVE-2024-28168.json | 48 +++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 data/anchore/2024/CVE-2024-28168.json
diff --git a/data/anchore/2024/CVE-2024-28168.json b/data/anchore/2024/CVE-2024-28168.json
new file mode 100644
index 00000000..e09455ce
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-28168.json
@@ -0,0 +1,48 @@
+{
+ "additionalMetadata": {
+ "cna": "apache",
+ "cveId": "CVE-2024-28168",
+ "description": "Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.\n\nThis issue affects Apache XML Graphics FOP: 2.9.\n\nUsers are recommended to upgrade to version 2.10, which fixes the issue.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://xmlgraphics.apache.org/security.html"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:org.apache.xmlgraphics:fop-core:*:*:*:*:*:*:*:*"
+ ],
+ "packageName": "org.apache.xmlgraphics:fop-core",
+ "packageType": "maven",
+ "product": "Apache XML Graphics FOP",
+ "repo": "https://github.com/apache/xmlgraphics-fop",
+ "vendor": "Apache Software Foundation",
+ "versions": [
+ {
+ "lessThan": "2.10",
+ "status": "affected",
+ "version": "2.9",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ },
+ "references": [
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2024/10/09/1"
+ },
+ {
+ "url": "https://issues.apache.org/jira/browse/FOP-3168"
+ },
+ {
+ "url": "https://github.com/apache/xmlgraphics-fop/commit/d96ba9a11710d02716b6f4f6107ebfa9ccec7134"
+ }
+ ]
+ }
+}
\ No newline at end of file
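Review bot: The single entry under `versions` declares `"versionType": "semver"`, but `2.9` and `2.10` are two-component Maven versions rather than strict semver, and the same record sets `"packageType": "maven"`. A consumer that parses semver strictly may reject these bounds, and one that falls back to string or decimal comparison would order `2.10` before `2.9`, which would presumably leave the range empty and let an affected `fop-core` 2.9 go unreported. Consider `"versionType": "maven"` so the range is evaluated under Maven ordering. Separately, the CPE in `cpes` uses the Maven coordinates (`org.apache.xmlgraphics` / `fop-core`) as vendor and product; it is worth confirming that this matches the CPEs scanners actually generate for the artifact, since a vendor/product mismatch fails silently as a non-match.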