CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41704 – Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input
https://notcve.org/view.php?id=CVE-2022-41704
25 Oct 2022 — A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. Una vulnerabilidad en Batik de Apache XML Graphics permite a un atacante ejecutar código Java no confiable desde un SVG. Este problema afecta a Apache XML Graphics versiones anteriores a 1.16. • http://www.openwall.com/lists/oss-security/2022/10/25/2 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42890 – Apache Batik prior to 1.16 allows RCE via scripting
https://notcve.org/view.php?id=CVE-2022-42890
25 Oct 2022 — A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. Una vulnerabilidad en Batik de Apache XML Graphics permite a un atacante ejecutar código Java desde un SVG no confiable por medio de JavaScript. Este problema afecta a Apache XML Graphics versiones anteriores a 1.16. • http://www.openwall.com/lists/oss-security/2022/10/25/3 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38398 – Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-38398
22 Sep 2022 — Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en Batik de Apache XML Graphics permite a un atacante cargar una url mediante el protocolo jar. Este problema afecta a Batik de Apache XML Graphics versión 1.14 This vulnerability allows remote attackers to disclose sensitive information on affected installation... • https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38648 – PDFTranscoder does not block external resources
https://notcve.org/view.php?id=CVE-2022-38648
22 Sep 2022 — Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en Batik de Apache XML Graphics permite a un atacante conseguir recursos externos. Este problema afecta a Batik de Apache XML Graphics versión 1.14 This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fix... • https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.1EPSS: 38%CPEs: 2EXPL: 2CVE-2022-40146 – Jar url should be blocked by DefaultScriptSecurity
https://notcve.org/view.php?id=CVE-2022-40146
22 Sep 2022 — Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en Batik de Apache XML Graphics permite a un atacante acceder a archivos usando una url de Jar. Este problema afecta a Batik de Apache XML Graphics versión 1.14 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache ... • https://github.com/soulfoodisgood/CVE-2022-40146 • CWE-918: Server-Side Request Forgery (SSRF) •