CVE-2022-44729
7.1
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Exploitability: 1.8 / Impact: 5.2
Source: NVD
Description
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16.
On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.
Affected (2)
Products: Apache: Xml Graphics Batik · Debian: Debian Linux
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | From 1.0 to 1.16 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 10.0 |