CVE-2022-38398

Опубликовано: 22 сент. 2022

Источник: debian

Описание

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
batik	fixed	1.15+dfsg-1		package

Примечания

https://www.openwall.com/lists/oss-security/2022/09/22/2
https://issues.apache.org/jira/browse/BATIK-1331
http://svn.apache.org/viewvc?view=revision&revision=1903462
https://www.zerodayinitiative.com/blog/2022/10/28/vulnerabilities-in-apache-batik-default-security-controls-ssrf-and-rce-through-remote-class-loading

Связанные уязвимости

CVE-2022-38398

CVSS3: 5.3

ubuntu

больше 3 лет назад

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

CVE-2022-38398

CVSS3: 5.3

redhat

больше 3 лет назад

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

CVE-2022-38398

CVSS3: 5.3

nvd

больше 3 лет назад

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

GHSA-c5xv-qc8p-mh2v

CVSS3: 5.3

github

больше 3 лет назад

Apache Batik Server-Side Request Forgery

SUSE-SU-2024:0777-1

suse-cvrf

почти 2 года назад

Security update for xmlgraphics-batik