CVE-2019-17566

Summary

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Affected Software

VendorProductVersion RangeStatus
n/aApache BatikApache Batik 1.12 and olderaffected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References