Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16.
In version 1.16, a malicious SVG could trigger loading of external resources by default, causing resource consumption or, in some cases, information disclosure. Users are recommended to upgrade to version 1.17 or later.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/08/22/2 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2023/08/22/4 | Mailing List Third Party Advisory |
https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2 | Mailing List Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html | Mailing List |
https://security.gentoo.org/glsa/202401-11 | |
https://xmlgraphics.apache.org/security.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2023-08-22T14:12:50.301Z
Updated: 2023-08-22T14:12:50.301Z
Reserved: 2022-11-04T09:23:15.973Z
Link: CVE-2022-44729
NVD Information
Status: Modified
Published: 2023-08-22T19:16:29.833
Modified: 2024-01-07T11:15:10.567
Link: CVE-2022-44729
Redhat Information
No data.
CWE