CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-44729 – Apache XML Graphics Batik: Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2022-44729
22 Aug 2023 — Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default,... • http://www.openwall.com/lists/oss-security/2023/08/22/2 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-44730 – Apache XML Graphics Batik: Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2022-44730
22 Aug 2023 — Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. A flaw was found in Apache Batik, where a malicious SVG can probe user profile data and send it directly as parameter to a URL. This issue can allow an attacker to conduct SSRF attacks. Multiple vulnerabilities have been found in Apache Batik, the worst of which co... • http://www.openwall.com/lists/oss-security/2023/08/22/3 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42890 – Apache Batik prior to 1.16 allows RCE via scripting
https://notcve.org/view.php?id=CVE-2022-42890
25 Oct 2022 — A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. Una vulnerabilidad en Batik de Apache XML Graphics permite a un atacante ejecutar código Java desde un SVG no confiable por medio de JavaScript. Este problema afecta a Apache XML Graphics versiones anteriores a 1.16. • http://www.openwall.com/lists/oss-security/2022/10/25/3 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41704 – Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input
https://notcve.org/view.php?id=CVE-2022-41704
25 Oct 2022 — A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. Una vulnerabilidad en Batik de Apache XML Graphics permite a un atacante ejecutar código Java no confiable desde un SVG. Este problema afecta a Apache XML Graphics versiones anteriores a 1.16. • http://www.openwall.com/lists/oss-security/2022/10/25/2 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38648 – PDFTranscoder does not block external resources
https://notcve.org/view.php?id=CVE-2022-38648
22 Sep 2022 — Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en Batik de Apache XML Graphics permite a un atacante conseguir recursos externos. Este problema afecta a Batik de Apache XML Graphics versión 1.14 This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fix... • https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38398 – Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-38398
22 Sep 2022 — Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en Batik de Apache XML Graphics permite a un atacante cargar una url mediante el protocolo jar. Este problema afecta a Batik de Apache XML Graphics versión 1.14 This vulnerability allows remote attackers to disclose sensitive information on affected installation... • https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.1EPSS: 34%CPEs: 2EXPL: 2CVE-2022-40146 – Jar url should be blocked by DefaultScriptSecurity
https://notcve.org/view.php?id=CVE-2022-40146
22 Sep 2022 — Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en Batik de Apache XML Graphics permite a un atacante acceder a archivos usando una url de Jar. Este problema afecta a Batik de Apache XML Graphics versión 1.14 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache ... • https://github.com/soulfoodisgood/CVE-2022-40146 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.2EPSS: 0%CPEs: 37EXPL: 0CVE-2020-11987 – batik: SSRF due to improper input validation by the NodePickerPanel
https://notcve.org/view.php?id=CVE-2020-11987
24 Feb 2021 — Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Apache Batik versión 1.13 es vulnerable a un ataque de tipo server-side request forgery, causada por una comprobación de entrada inapropiada por parte de NodePickerPanel. Al usar un argumento especialmente diseñado, un atacante podría e... • https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f5a5ba2%40%3Cdev.poi.apache.org%3E • CWE-20: Improper Input Validation CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 1%CPEs: 25EXPL: 0CVE-2019-17566 – batik: SSRF via "xlink:href"
https://notcve.org/view.php?id=CVE-2019-17566
06 Nov 2020 — Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Apache Batik es vulnerable a un ataque de tipo server-side request forgery, causada por una comprobación inapropiada de la entrada por parte de los atributos "xlink:href". Al utilizar un argumento especialmente diseñado, un atacante ... • https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171%40%3Ccommits.myfaces.apache.org%3E • CWE-352: Cross-Site Request Forgery (CSRF) CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 7%CPEs: 180EXPL: 1CVE-2019-13990 – libquartz: XXE attacks via job description
https://notcve.org/view.php?id=CVE-2019-13990
26 Jul 2019 — initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. La función initDocumentParser en el archivo xml/XMLSchedulingDataProcessor.java en Quartz Scheduler de Terracotta hasta la versión 2.3.0, permite ataques de tipo XXE por medio de una descripción del trabajo. The Terracotta Quartz Scheduler is susceptible to an XML external entity attack (XXE) through a job description. This issue stems from inadequate handling of X... • https://github.com/epicosy/Quartz-1 • CWE-611: Improper Restriction of XML External Entity Reference •