danfickle / openhtmltopdf

An HTML to PDF library for the JVM. Based on Flying Saucer and Apache PDF-BOX 2. With SVG image support. Now also with accessible PDF support (WCAG, Section 508, PDF/UA)!

https://danfickle.github.io/pdf-templates/index.html

vulnerable dependency xmlgraphics-commons

electrofLy opened this issue 3 years ago · comments

Ivaylo commented 3 years ago

The package xmlgraphics-commons-2.4.jar is vulnerable. See https://nvd.nist.gov/vuln/detail/CVE-2020-11988

Solution: update to xmlgraphics-commons-2.6.jar