.. _vulnerabilityManagement_securityAdvisory_2023_CVE-2017-9096:

CVE-2017-9096
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Data: 2023-06-15

Severity: High

CVSS Score:  8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Riferimenti: `https://nvd.nist.gov/vuln/detail/CVE-2017-9096 <https://nvd.nist.gov/vuln/detail/CVE-2017-9096>`_

Libreria: com.lowagie:itext < 5.5.12

**Descrizione**

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.

**GovWay**

Versione affette: <= 3.3.12

Risoluzione: 3.3.13