CVE-2022-44729

2023-08-2219:16:29

CWE-918

apache

web.nvd.nist.gov

374

cve-2022-44729

server-side request forgery

apache software foundation

xml graphics batik

security vulnerability

nvd

upgrade

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.

On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.

Affected configurations

Nvd

Vulners

Node

apachexml_graphics_batikRange1.0–1.16

Node

debiandebian_linuxMatch10.0

VendorProductVersionCPE
apachexml_graphics_batik*cpe:2.3:a:apache:xml_graphics_batik:*:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	xml_graphics_batik	*	cpe:2.3:a:apache:xml_graphics_batik::::::::
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache XML Graphics Batik",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "1.16"
      }
    ]
  }
]