Описание
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Developer Tools | rh-eclipse-batik | Affected | ||
| Red Hat Enterprise Linux 6 | batik | Out of support scope | ||
| Red Hat Enterprise Linux 7 | batik | Out of support scope | ||
| Red Hat Enterprise Linux 8 | eclipse:rhel8/batik | Not affected | ||
| Red Hat JBoss Fuse 6 | batik | Out of support scope | ||
| Red Hat Fuse 7.10 | batik | Fixed | RHSA-2021:5134 | 14.12.2021 |
Показывать по
Дополнительная информация
Статус:
8.2 High
CVSS3
Связанные уязвимости
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Apache Batik 1.13 is vulnerable to server-side request forgery, caused ...
Server-side request forgery (SSRF) in Apache Batik
8.2 High
CVSS3