Lucene search

K

GitHub Advisory DatabaseGHSA-WFW6-MMMP-87XM

HistoryMay 17, 2022 - 12:28 a.m.

Improper Input Validation in Apache Batik

2022-05-1700:28:34

CWE-20

GitHub Advisory Database

github.com

11

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.043 Low

EPSS

Percentile

92.3%

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Affected configurations

Vulners

Node

org.apache.xmlgraphics\Matchbatik

CPENameOperatorVersion
org.apache.xmlgraphics:batiklt1.8

References

advisories.mageia.org/MGASA-2015-0138.html

packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html

rhn.redhat.com/errata/RHSA-2016-0041.html

rhn.redhat.com/errata/RHSA-2016-0042.html

seclists.org/fulldisclosure/2015/Mar/142

www-01.ibm.com/support/docview.wss?uid=swg21963275

www.debian.org/security/2015/dsa-3205

www.mandriva.com/security/advisories?name=MDVSA-2015:203

www.securitytracker.com/id/1032781

www.ubuntu.com/usn/USN-2548-1

xmlgraphics.apache.org/security.html

github.com/advisories/GHSA-wfw6-mmmp-87xm

nvd.nist.gov/vuln/detail/CVE-2015-0250

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.043 Low

EPSS

Percentile

92.3%

Related for GHSA-WFW6-MMMP-87XM

osv1 ubuntu1 openvas8 ibm20 nessus13 mageia1 veracode1 debian3 ubuntucve1 cvelist1 cve1 redhat4 fedora3 securityvulns2 nvd1 prion1 archlinux1 debiancve1 gitlab1 oracle1