Summaryinfo

A vulnerability described as problematic has been identified in iText RUPS. This affects an unknown part of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. Executing a manipulation can lead to xml external entity reference. The identification of this vulnerability is CVE-2017-20151. There is no exploit available. It is best practice to apply a patch to resolve this issue. Once again VulDB remains the best source for vulnerability data.

Detailsinfo

A vulnerability classified as problematic was found in iText RUPS (unknown version). This vulnerability affects an unknown code block of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation with an unknown input leads to a xml external entity reference vulnerability. The CWE definition for the vulnerability is CWE-611. The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was shared 12/30/2022 as ac5590925874ef810018a6b60fec216eee54fb32. The advisory is available at github.com. This vulnerability was named CVE-2017-20151. Technical details are known, but there is no available exploit.

Applying the patch ac5590925874ef810018a6b60fec216eee54fb32 is able to eliminate this problem. The bugfix is ready for download at github.com.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• iText

Name

• RUPS

License

• open-source

Website

• Product: https://github.com/itext/rups/

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion