{"id":"CVE-2017-20151","details":"A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ac5590925874ef810018a6b60fec216eee54fb32. It is recommended to apply a patch to fix this issue. VDB-217054 is the identifier assigned to this vulnerability.","aliases":["GHSA-j69f-fgh5-f7mc"],"modified":"2025-01-15T01:22:07.560353Z","published":"2022-12-30T12:15:08Z","withdrawn":"2025-02-26T03:46:28.364471Z","references":[{"type":"FIX","url":"https://github.com/itext/rups/commit/ac5590925874ef810018a6b60fec216eee54fb32"},{"type":"WEB","url":"https://vuldb.com/?ctiid.217054"},{"type":"WEB","url":"https://vuldb.com/?id.217054"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/itext/rups","events":[{"introduced":"0"},{"fixed":"ac5590925874ef810018a6b60fec216eee54fb32"},{"fixed":"ac5590925874ef810018a6b60fec216eee54fb32"}]}],"versions":["5.5.7","5.5.8","5.5.9","iText_2_0_8","iText_2_1_0","iText_2_1_1","iText_2_1_2","iText_2_1_3","iText_2_1_4","iText_2_1_5","iText_2_1_6","iText_2_1_7","iText_4_2_0","iText_5_0_0","iText_5_0_1","iText_5_0_2","iText_5_0_3","iText_5_0_4","iText_5_0_5","iText_5_0_6","iText_5_2_0","rups-1.0.0","rups-1.0.2","rups-5.3.3","rups-5.3.5","rups-5.4.0","rups-5.4.1","rups-5.4.2","rups-5.4.3","rups-5.4.4","rups-5.4.5","rups-5.5.0","rups-5.5.1","rups-5.5.2","rups-5.5.3","rups-5.5.4","rups-5.5.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-20151.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}