CVE-2022-44729
N/A
N/A
Summary
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.
On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache XML Graphics Batik | 1.16 | affected |
Weaknesses
- CWE-918: CWE-918 Server-Side Request Forgery (SSRF)
ADP Enrichment
CVE Program Container
Additional References
- https://xmlgraphics.apache.org/security.html
- https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2
- http://www.openwall.com/lists/oss-security/2023/08/22/2
- http://www.openwall.com/lists/oss-security/2023/08/22/4
- https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html
- https://security.gentoo.org/glsa/202401-11
References
- https://xmlgraphics.apache.org/security.html
- https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2
- http://www.openwall.com/lists/oss-security/2023/08/22/2
- http://www.openwall.com/lists/oss-security/2023/08/22/4
- https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html
- https://security.gentoo.org/glsa/202401-11
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.