CVE-2022-40146

Опубликовано: 22 сент. 2022

Источник: redhat

CVSS3: 7.5

EPSS Средний

Описание

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat build of Quarkus	batik	Will not fix
Red Hat Decision Manager 7	batik	Out of support scope
Red Hat Integration Camel K 1	batik	Affected
Red Hat Integration Camel Quarkus 1	batik	Will not fix
Red Hat JBoss Data Grid 7	batik	Out of support scope
Red Hat JBoss Fuse 6	batik	Out of support scope
Red Hat JBoss Fuse Service Works 6	batik	Out of support scope
Red Hat Process Automation 7	batik	Out of support scope
Red Hat Fuse 7.12	batik	Fixed	RHSA-2023:3954	29.06.2023
RHINT Camel-Springboot 3.20.1	batik	Fixed	RHSA-2023:2100	03.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-918

https://bugzilla.redhat.com/show_bug.cgi?id=2155291batik: Server-Side Request Forgery (SSRF) vulnerability

EPSS

Процентиль: 97%

0.41222

Средний

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-40146

CVSS3: 7.5

ubuntu

больше 3 лет назад

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

CVE-2022-40146

CVSS3: 7.5

nvd

больше 3 лет назад

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

CVE-2022-40146

CVSS3: 7.5

debian

больше 3 лет назад

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...

GHSA-h4qg-p7r2-cpg3

CVSS3: 7.5

github

больше 3 лет назад

Apache Batik vulnerable to Server-Side Request Forgery

SUSE-SU-2024:0777-1

suse-cvrf

почти 2 года назад

Security update for xmlgraphics-batik

EPSS

Процентиль: 97%

0.41222

Средний

7.5 High

CVSS3