CVE-2020-18972 — Resource Exposure in Project Podofo

CWE-668 — Resource Exposure4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 62.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Podofo Project Podofo Debian Libpodofo

Timeline

PublishedAug 25

Latest updateMay 24

Description

Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/libpodofo

▶NVDpodofo_project/podofo0.9.6

🔴Vulnerability Details

GHSA

GHSA-x4h7-rg57-2fqw: Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0↗2022-05-24

▶

OSV

CVE-2020-18972: Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0↗2021-08-25

▶

📋Vendor Advisories

Debian

CVE-2020-18972: libpodofo - Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allo...↗2020

▶