Description
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Remediation
References
Related Vulnerabilities
WordPress Plugin Corner Ad Cross-Site Scripting (1.0.7)
WordPress Plugin Ads in bottom right Multiple Vulnerabilities (1.0)
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2007-4652)
Oracle Database Server CVE-2006-1874 Vulnerability (CVE-2006-1874)
Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2017-5650)