CVE-2017-9096

stonebranch2

Registered Developer

Join Date: May 2012

Posts: 709
#1

CVE-2017-9096

16 Oct 2023, 05:00

Hi Isomorphic,

Can you please confirm that SmartGWT is not impacted by CVE-2017-9096 for iText-2.1.7.jar or, if it is, how is it mitigated?

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.

Thank you
Tags: None
Isomorphic

Administrator

Join Date: May 2006

Posts: 53985
#2

16 Oct 2023, 10:32

Not vulnerable: we do not try to parse PDFs with iText.
Comment
stonebranch2

Registered Developer

Join Date: May 2012

Posts: 709
#3

16 Oct 2023, 10:32

Thank you
Comment

Previous template Next

Announcement