Description
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.
Remediation
References
https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2
https://xmlgraphics.apache.org/security.html
http://www.openwall.com/lists/oss-security/2023/08/22/4
http://www.openwall.com/lists/oss-security/2023/08/22/2
https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html
https://security.gentoo.org/glsa/202401-11
Related Vulnerabilities
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http_2.12
CVE-2022-42009 Vulnerability in maven package org.apache.ambari:ambari
CVE-2022-34787 Vulnerability in maven package hudson.plugins:project-inheritance
CVE-2020-10968 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2022-39353 Vulnerability in maven package org.webjars.npm:xmldom__xmldom