Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-202401-11
HistoryJan 07, 2024 - 12:00 a.m.

Apache Batik: Multiple Vulnerabilities

2024-01-0700:00:00
Gentoo Foundation
security.gentoo.org
12
apache batik
svg format
vulnerabilities

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.9%

JSON

Background

Apache Batik is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as display, generation or manipulation.

Description

Multiple vulnerabilities have been discovered in Apache Batik. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Apache Batik users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/batik-1.17"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-java/batik< 1.17UNKNOWN

Related

nessus 20
ubuntu 2
osv 23
openvas 14
debian 4
amazon 2
mageia 3
ibm 39
rosalinux 1
atlassian 8
redos 1
prion 10
cve 10
github 10
veracode 10
debiancve 10
fedora 4
ubuntucve 10
redhatcve 10
zdi 2
cnvd 3
githubexploit 1
suse 2
nessus
nessus
GLSA-202401-11 : Apache Batik: Multiple Vulnerabilities
2024-01-09 00:00:00
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Batik vulnerabilities (USN-6117-1)
2023-05-30 00:00:00
SUSE SLES12 Security Update : xmlgraphics-batik (SUSE-SU-2024:0777-1)
2024-03-07 00:00:00
ubuntu
ubuntu
Apache Batik vulnerabilities
2023-05-30 00:00:00
Batik vulnerability
2018-05-29 00:00:00
osv
osv
batik vulnerabilities
2023-05-30 14:31:05
batik - security update
2023-10-14 00:00:00
batik - security update
2022-10-29 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6117-1)
2023-05-31 00:00:00
Debian: Security Advisory (DLA-3619-1)
2023-10-16 00:00:00
Mageia: Security Advisory (MGASA-2024-0068)
2024-03-18 00:00:00
debian
debian
[SECURITY] [DLA 3619-1] batik security update
2023-10-14 22:16:33
[SECURITY] [DSA 5264-1] batik security update
2022-10-29 21:58:51
[SECURITY] [DLA 3169-1] batik security update
2022-10-29 15:13:48
amazon
amazon
Important: batik
2023-03-02 21:49:00
Important: batik
2023-03-02 20:21:00
mageia
mageia
Updated batik packages fix security vulnerabilities
2024-03-16 19:28:17
Updated batik packages fix security vulnerabilities
2021-04-02 23:25:05
Updated batik packages fix a security vulnerability
2021-03-17 09:16:07
ibm
ibm
Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Jazz Reporting Service (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)
2023-10-04 10:44:16
Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)
2023-05-02 07:45:16
Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Maximo Asset Management (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)
2023-04-05 15:03:48
rosalinux
rosalinux
Advisory ROSA-SA-2023-2239
2023-10-10 08:57:57
atlassian
atlassian
Jira is affected by CVE-2022-42890 &
2023-03-09 00:04:38
SSRF org.apache.xmlgraphics:batik-bridge Dependency in Jira Service Management Data Center and Server
2023-12-13 07:45:23
SSRF (Server-Side Request Forgery) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server
2024-02-14 10:47:23
redos
redos
ROS-20221103-03
2022-11-03 00:00:00
prion
prion
Server side request forgery (ssrf)
2023-08-22 19:16:00
Code injection
2022-10-25 17:15:00
Server side request forgery (ssrf)
2022-09-22 15:15:00
cve
cve
CVE-2022-44729
2023-08-22 19:16:00
CVE-2022-44730
2023-08-22 19:16:00
CVE-2022-38398
2022-09-22 15:15:00
github
github
Apache XML Graphics Batik Server-Side Request Forgery vulnerability
2023-08-22 21:30:26
Apache Batik Server-Side Request Forgery
2022-09-23 00:00:39
Untrusted code execution in Apache XML Graphics Batik
2022-10-25 19:00:29
veracode
veracode
Information Disclosure
2022-10-26 10:11:51
Information Disclosure
2018-05-24 02:45:41
Server-Side Request Forgery (SSRF)
2023-08-24 05:40:22
debiancve
debiancve
CVE-2022-38398
2022-09-22 15:15:00
CVE-2022-41704
2022-10-25 17:15:00
CVE-2022-44730
2023-08-22 19:16:00
fedora
fedora
[SECURITY] Fedora 34 Update: batik-1.14-1.fc34
2021-03-19 20:30:31
[SECURITY] Fedora 33 Update: batik-1.14-2.fc33
2021-04-16 14:36:49
[SECURITY] Fedora 27 Update: batik-1.10-1.fc27
2018-06-09 19:47:37
ubuntucve
ubuntucve
CVE-2022-44729
2023-08-22 00:00:00
CVE-2020-11987
2021-02-24 00:00:00
CVE-2022-40146
2022-09-22 00:00:00
redhatcve
redhatcve
CVE-2022-38398
2022-12-20 17:05:08
CVE-2022-44729
2023-08-24 17:15:24
CVE-2018-8013
2018-05-23 14:20:02
zdi
zdi
Apache Batik DefaultExternalResourceSecurity Server-Side Request Forgery Information Disclosure Vulnerability
2022-10-04 00:00:00
Apache Batik DefaultScriptSecurity Server-Side Request Forgery Remote Code Execution Vulnerability
2022-10-04 00:00:00
cnvd
cnvd
Apache XML Graphics Batik Server-Side Request Forgery Vulnerability (CNVD-2022-73693)
2022-09-26 00:00:00
Apache XML Graphics Batik Server-Side Request Forgery Vulnerability
2022-09-26 00:00:00
Apache XML Graphics Batik Server-Side Request Forgery Vulnerability (CNVD-2022-73690)
2022-09-26 00:00:00
githubexploit
githubexploit
Exploit for Server-Side Request Forgery in Apache Batik
2022-11-01 03:41:36
suse
suse
Security update for xmlgraphics-batik (moderate)
2020-06-23 00:00:00
Security update for xmlgraphics-batik (moderate)
2020-07-23 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.9%

JSON
Related for GLSA-202401-11
nessus20ubuntu2osv23openvas14debian4amazon2mageia3ibm39rosalinux1atlassian8redos1prion10cve10github10veracode10debiancve10fedora4ubuntucve10redhatcve10zdi2cnvd3githubexploit1suse2