Skip to content

[SECURITY] Update com.lowagie:itext #353

Description

@edthri

Describe the security issue
Aikido indicates that com.lowagie:itext:2.1.7 is affected by 1 vulnerability:

CVE-2017-9096

Vulnerability Location
This is a third party library.

Environment (please complete the following information if it is applicable to the issue)
Every environment. Vulnerable library bundled with software.

Suggested remediation
Update com.lowagie:itext:2.1.7 (MPL 1.1) to com.itextpdf:itextpdf:5.5.13.5 (AGPL 3.0)

Alternatively:
com.github.librepdf:openpdf:3.0.5 (LGPL 2.1/MPL 2.0)

Additional context
https://kb.itextpdf.com/it5kb/what-is-the-difference-between-lowagie-and-itext

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions