CVE-2020-15232

Published: Oct 2, 2020
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-15232" target="_blank" rel="noopener"> CVE-2020-15232
GHSA: <a href="https://github.com/advisories/GHSA-vjv6-gq77-3mjw" target="_blank" rel="noopener"> GHSA-vjv6-gq77-3mjw
Severity: Critical
Exploit:

In mapfish-print before version 3.24, a user can do to an XML External Entity (XXE) attack with the provided SDL style.

CVSS v3:

CVSS v2:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
mapfish / print	-	3.24
org.mapfish.print / print-lib	-	3.24
org.mapfish.print / print-servlet	-	3.24
org.mapfish.print / print-standalone	-	3.24