CVE-2017-9096

You need to login (link above) before you can post. If you do not yet have an account, please register.

stonebranch2 replied

16 Oct 2023, 10:32
Thank you
Leave a comment:
Isomorphic replied

16 Oct 2023, 10:32
Not vulnerable: we do not try to parse PDFs with iText.
Leave a comment:
stonebranch2 started a topic CVE-2017-9096

16 Oct 2023, 05:00
CVE-2017-9096

Hi Isomorphic,

Can you please confirm that SmartGWT is not impacted by CVE-2017-9096 for iText-2.1.7.jar or, if it is, how is it mitigated?

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.

Thank you
Tags: None

Previous template Next

Working...

Announcement