CVE-2020-11987

Summary

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Affected Software

VendorProductVersion RangeStatus
n/aApache BatikApache Batik 1.13affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References