Announcement

Collapse
No announcement yet.
X
  • Filter
  • Time
Clear All
new posts

  • stonebranch2
    replied
    Thank you

    Leave a comment:


  • Isomorphic
    replied
    Not vulnerable: we do not try to parse PDFs with iText.

    Leave a comment:


  • stonebranch2
    started a topic CVE-2017-9096

    CVE-2017-9096

    Hi Isomorphic,

    Can you please confirm that SmartGWT is not impacted by CVE-2017-9096 for iText-2.1.7.jar or, if it is, how is it mitigated?

    The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
    Thank you
Working...
X