CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-44729 – Apache XML Graphics Batik: Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2022-44729
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure. • http://www.openwall.com/lists/oss-security/2023/08/22/2 http://www.openwall.com/lists/oss-security/2023/08/22/4 https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2 https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html https://security.gentoo.org/glsa/202401-11 https://xmlgraphics.apache.org/security.html https://access.redhat.com/security/cve/CVE-2022-44729 https://bugzilla.redhat.com/show_bug.cgi?id=2233889 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-44730 – Apache XML Graphics Batik: Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2022-44730
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. A flaw was found in Apache Batik, where a malicious SVG can probe user profile data and send it directly as parameter to a URL. This issue can allow an attacker to conduct SSRF attacks. • http://www.openwall.com/lists/oss-security/2023/08/22/3 http://www.openwall.com/lists/oss-security/2023/08/22/5 https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0 https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html https://security.gentoo.org/glsa/202401-11 https://xmlgraphics.apache.org/security.html https://access.redhat.com/security/cve/CVE-2022-44730 https://bugzilla.redhat.com/show_bug.cgi?id=2233899 • CWE-918: Server-Side Request Forgery (SSRF) •