Oval Definition:oval:org.opensuse.security:def:201718197
Revision Date:2022-06-30Version:1
Title:CVE-2017-18197
Description:

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-18197
Mitre CVE-2017-18197
SUSE CVE-2017-18197
openSUSE-SU-2018:0616-1
Platform(s):openSUSE Leap 42.3
openSUSE Tumbleweed
Product(s):
Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • jgraphx-3.1.2.1-7.3 is installed
  • AND jgraphx is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND jgraphx-3.9.2-1.9 is installed
    • BACK