Apache XML Graphics Batik: Information disclosure vulnerability
CVE-2022-44730

4.4MEDIUM

Key Information:

Vendor: Apache
Status: Apache Xml Graphics Batik
Vendor: CVE Published:; 22 August 2023

Summary

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.

A malicious SVG can probe user profile / data and send it directly as parameter to a URL.

Affected Version(s)

Apache XML Graphics Batik 1.16

References

https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj...

vendor-advisory

https://xmlgraphics.apache.org/security.html

http://www.openwall.com/lists/oss-security/2023/08/22/3

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 22, 2023
Vulnerability Reserved
Nov 4, 2022