Com.Twelvemonkeys.Imageio
cpe:2.3:a:n/a:com.twelvemonkeys.imageio:imageio-metadata:*:*:*:*:*:*:*:*
part: a version: imageio-metadata update: *
| Field | Value |
|---|---|
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
| Product | Com.Twelvemonkeys.Imageio (44e964b1-089e-55f4-b0fb-86752f190289) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2021-23792 | vulnerable | 2026-06-08 05:30:03.069430 | XML External Entity (XXE) Injection, HIGH (7.3). The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 is vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered. Published: 2022-05-06T20:05:10.831Z; Updated: 2024-09-16T18:49:06.992Z | Imported from gcve-enriched-dumps CVE data |