batik-svgrasterizer is vulnerable to server-side request forgery (SSRF). It does not prevent an attacker from making malicious GET requests on behalf of the server through xlink:href attributes, which allows access to internal resources.
Name | Operator | Version |
---|---|---|
batik-svgrasterizer | le | 1.12 |
issues.apache.org/jira/browse/BATIK-1276
lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171@%3Ccommits.myfaces.apache.org%3E
lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509@%3Ccommits.myfaces.apache.org%3E
seclists.org/oss-sec/2020/q2/189
www.oracle.com//security-alerts/cpujul2021.html
www.oracle.com/security-alerts/cpuApr2021.html
www.oracle.com/security-alerts/cpujan2021.html
www.oracle.com/security-alerts/cpujan2022.html
www.oracle.com/security-alerts/cpujul2022.html
www.oracle.com/security-alerts/cpuoct2021.html
xmlgraphics.apache.org/security.html