The XML parsers in iText prior to 5.5.12 and 7.x prior to 7.0.3 do not disable external entities, which might allow remote malicious users to conduct XML external entity (XXE) attacks via a crafted PDF.
Vulnerable Product |
---|
itextpdf itext 7.0.0 |
itextpdf itext 7.0.1 |
itextpdf itext 7.0.2 |
itextpdf itext |