CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-44729 – Apache XML Graphics Batik: Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2022-44729
22 Aug 2023 — Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default,... • http://www.openwall.com/lists/oss-security/2023/08/22/2 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-44730 – Apache XML Graphics Batik: Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2022-44730
22 Aug 2023 — Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. A flaw was found in Apache Batik, where a malicious SVG can probe user profile data and send it directly as parameter to a URL. This issue can allow an attacker to conduct SSRF attacks. Multiple vulnerabilities have been found in Apache Batik, the worst of which co... • http://www.openwall.com/lists/oss-security/2023/08/22/3 • CWE-918: Server-Side Request Forgery (SSRF) •