org.apache.xmlgraphics:batik-bridge is vulnerable to server-side request forgery. The vulnerability exists in the createImageGraphicsNode
function in SVGImageElementBridge.java
because the function logic does not properly restrict external resources, which allows remote attackers to cause SSRF bypass and gain access to confidential information.
CPE | Name | Operator | Version |
---|---|---|---|
batik-bridge | le | 1.14 | |
batik-bridge | le | 1.14 |