Description
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation of the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery (SSRF) attack via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system integrity.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | batik | Out of support scope | | |
| Red Hat CodeReady Studio 12 | batik | Not affected | | |
| Red Hat Enterprise Linux 6 | batik | Out of support scope | | |
| Red Hat Enterprise Linux 7 | batik | Will not fix | | |
| Red Hat Enterprise Linux 8 | eclipse | Not affected | | |
| Red Hat JBoss BRMS 6 | batik | Out of support scope | | |
| Red Hat JBoss Fuse 6 | batik | Out of support scope | | |
| Red Hat JBoss Fuse Service Works 6 | batik | Out of support scope | | |
| Red Hat Fuse 7.8.0 | batik | Fixed | RHSA-2020:5568 | 16.12.2020 |
| RHDM 7.9.0 | batik | Fixed | RHSA-2020:4960 | 05.11.2020 |
Additional information
Status:
7.5 High
CVSS3