Hi Isomorphic,
Can you please confirm that SmartGWT is not impacted by CVE-2017-9096 for iText-2.1.7.jar or, if it is, how is it mitigated?
Thank you
Can you please confirm that SmartGWT is not impacted by CVE-2017-9096 for iText-2.1.7.jar or, if it is, how is it mitigated?
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
Comment