Lucene search

K
cvelistApacheCVELIST:CVE-2020-11987
HistoryFeb 24, 2021 - 12:00 a.m.

CVE-2020-11987

2021-02-2400:00:00
apache
www.cve.org

7.9 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.7%

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Apache Batik",
    "versions": [
      {
        "version": "Apache Batik 1.13",
        "status": "affected"
      }
    ]
  }
]

References