Description
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation of "xlink:href" attributes. By using a specially crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| batik | fixed | 1.12-1.1 | | package |
| batik | fixed | 1.10-2+deb10u1 | buster | package |
| batik | fixed | 1.8-4+deb9u2 | stretch | package |
Notes
https://www.openwall.com/lists/oss-security/2020/06/15/2
patch: http://svn.apache.org/viewvc?view=revision&revision=1871084
corresponding bug: https://issues.apache.org/jira/browse/BATIK-1276