Description

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.

Remediation

References

https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2

https://xmlgraphics.apache.org/security.html

http://www.openwall.com/lists/oss-security/2023/08/22/4

http://www.openwall.com/lists/oss-security/2023/08/22/2

https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html

https://security.gentoo.org/glsa/202401-11

Related Vulnerabilities

CVE-2021-27515 Vulnerability in maven package org.webjars.bowergithub.unshiftio:url-parse

CVE-2019-16558 Vulnerability in maven package com.inflectra.spiratest.plugins:inflectra-spira-integration

CVE-2022-25171 Vulnerability in npm package p4

CVE-2022-31679 Vulnerability in maven package org.springframework.data:spring-data-rest-webmvc

CVE-2022-29253 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

Severity

High

Classification

CWE-918 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Tags

Mailing List Vendor Advisory Third Party Advisory