cpe:2.3:a:n/a:com.twelvemonkeys.imageio:imageio-metadata:*:*:*:*:*:*:*:*

part: a version: imageio-metadata update: *

Vendor: N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
Product: Com.Twelvemonkeys.Imageio (44e964b1-089e-55f4-b0fb-86752f190289)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier: CVE:CVE-2021-23792
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:30:03.069430
db.gcve.eu details: XML External Entity (XXE) Injection, HIGH (7.3)
The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 is vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered.
Published: 2022-05-06T20:05:10.831Z
Updated: 2024-09-16T18:49:06.992Z
Rationale: Imported from gcve-enriched-dumps CVE data
