Description

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Remediation

References

CVE-2020-11987

Related Vulnerabilities

WordPress Plugin PDF & Print by BestWebSoft Cross-Site Scripting (1.9.3)

MySQL CVE-2022-39404 Vulnerability (CVE-2022-39404)

ownCloud Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2015-4718)

OpenVPN AS Other Vulnerability (CVE-2006-1629)

WordPress Plugin Product Catalog for WordPress Unspecified Vulnerability (1.4.5)

Severity

High

Classification

CVE-2020-11987 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Tags

Missing Update Known Vulnerabilities