CVE-2022-44729

2023-08-2219:16:29

CWE-918

[email protected]

web.nvd.nist.gov

server-side request forgery

apache xml graphics batik

cve-2022-44729

information disclosure

version 1.16

upgrade

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.9%

JSON

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.

On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.