{"id":"CVE-2020-15232","details":"In mapfish-print before version 3.24, a user can do to an XML External Entity (XXE) attack with the provided SDL style.","aliases":["GHSA-vjv6-gq77-3mjw"],"modified":"2026-05-18T10:47:04.266497Z","published":"2020-10-02T20:15:12.660Z","references":[{"type":"ADVISORY","url":"https://github.com/mapfish/mapfish-print/security/advisories/GHSA-vjv6-gq77-3mjw"},{"type":"FIX","url":"https://github.com/mapfish/mapfish-print/pull/1397/commits/e1d0527d13db06b2b62ca7d6afb9e97dacd67a0e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mapfish/mapfish-print","events":[{"introduced":"0"},{"fixed":"25a56fe66137ab8b09e85489187e3b4a3c66de1b"}],"database_specific":{"cpe":"cpe:2.3:a:mapfish:print:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"3.24"}],"source":"CPE_FIELD"}}],"versions":["release/3.24.2","release/3.24.1","release/3.24.0","3.24.0","release/3.23.0","release/3.22.0","release/3.19.1","release/3.18.4","release/3.17.0","release/3.16.2","release/3.15.0","release/3.21.0","release/3.20.1","release/3.20.0","release/3.19.0","release/3.18.3","release/3.18.2","release/3.18.1","release/3.18.0","release/3.16.1","release/3.16.0","release/3.14.1","release/3.14.0","release/3.13.0","release/3.12.1","release/3.12.0","release/3.11.3","release/3.11.2","release/3.11.1","release/3.11.0","release/3.10.2","release/3.10.1","release/3.10.0","release/3.7.0","release/3.9.0","release/3.8.0","release/3.6.0","release/3.5.0","release/3.4.0","release/3.3.0","release/3.2.0","release/3.1.2","release/3.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15232.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}