vulnerability

Amazon Linux AMI 2: CVE-2024-28168: Security patch for fop (Multiple Advisories)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Published

Oct 9, 2024

Added

Nov 18, 2024

Modified

May 20, 2026

Description

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.

This issue affects Apache XML Graphics FOP: 2.9.

Users are recommended to upgrade to version 2.10, which fixes the issue.

Solution

amazon-linux-ami-2-upgrade-fop

References

AMAZON-AL2/ALAS-2024-2700
CVE-2024-28168
https://attackerkb.com/topics/CVE-2024-28168
CWE-611
EUVD-EUVD-2024-3073
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-3073

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report