- Package: src:plantuml
- Source: src:plantuml
- Submitter: Salvatore Bonaccorso
- Date: 2025-03-11 07:24:02 UTC
- Severity: normal
- Tags:
Hi,

The following vulnerability was published for plantuml.

CVE-2023-3432[0]:
| Server-Side Request Forgery (SSRF) in GitHub repository
| plantuml/plantuml prior to 1.2023.9.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3432
    https://www.cve.org/CVERecord?id=CVE-2023-3432
[1] https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51/
[2] https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
Hello,

I tried porting fixes for these, but I think I lack some Java skills or knowledge of the code base to be able to rebase them correctly.
Hello,

The focus right now needs to be on porting fixes for the security issues:

* https://bugs.debian.org/1039999
* https://bugs.debian.org/1040000

I tried dealing with those but haven't produced anything usable, unfortunately.