{"id":"CVE-2024-28168","details":"Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.\n\nThis issue affects Apache XML Graphics FOP: 2.9.\n\nUsers are recommended to upgrade to version 2.10, which fixes the issue.","aliases":["GHSA-jqfv-jrvq-95jm"],"modified":"2026-04-10T05:11:58.071958Z","published":"2024-10-09T12:15:02.850Z","related":["SUSE-SU-2024:4054-1","openSUSE-SU-2024:14398-1"],"references":[{"type":"ADVISORY","url":"https://xmlgraphics.apache.org/security.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2024/10/09/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/xmlgraphics-fop","events":[{"introduced":"0"},{"last_affected":"a0bd13fcfac467066160169f914aa5d900b0b8bb"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.9"}]}}],"versions":["2_9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28168.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}