{"schema_version": "1.6.1", "id": "CVE-2024-28168", "summary": "XML External Entity (XXE) Processing", "details": "Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.\n\nThis issue affects Apache XML Graphics FOP: 2.9.\n\nUsers are recommended to upgrade to version 2.10, which fixes the issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "2.9"}, {"last_affected": "2.9"}]}]}], "references": [{"type": "WEB", "url": "https://xmlgraphics.apache.org/security.html"}]}