Lucene search
Gentoo FoundationMGASA-2021-0168HistoryApr 02, 2021 - 11:25 p.m.
Updated batik packages fix security vulnerabilities
2021-04-0223:25:05
Gentoo Foundation
advisories.mageia.org
29
0.007 Low
EPSS
Percentile
80.5%
A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack (SSRF) via โxlink:hrefโ attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system integrity (CVE-2019-17566). The Apache Batik library is vulnerable to SSRF via the NodePickerPanel that allow an attacker to cause the underlying server to make arbitrary GET requests (CVE-2020-11987).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 7 | noarch | batik | <ย 1.13-1.3 | batik-1.13-1.3.mga7 |
Related
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0168)
2022-01-28 00:00:00
Fedora: Security Advisory for batik (FEDORA-2021-65ff5f10e2)
2021-03-20 00:00:00
Fedora: Security Advisory for batik (FEDORA-2021-33a1b73e48)
2021-04-17 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: batik-1.14-1.fc34
2021-03-19 20:30:31
[SECURITY] Fedora 33 Update: batik-1.14-2.fc33
2021-04-16 14:36:49
[SECURITY] Fedora 32 Update: eclipse-m2e-core-1.16.1-1.fc32
2020-08-31 15:50:29
veracode
veracode
XML External Entity (XXE)
2021-02-25 04:34:00
Server-side Request Forgery (SSRF)
2020-06-16 09:19:33
ibm
ibm
mageia
mageia
Updated batik packages fix a security vulnerability
2021-03-17 09:16:07
ubuntucve
ubuntucve
CVE-2020-11987
2021-02-24 00:00:00
CVE-2019-17566
2020-11-12 00:00:00
prion
prion
Server side request forgery (ssrf)
2021-02-24 18:15:00
Server side request forgery (ssrf)
2020-11-12 18:15:00
osv
osv
Server-side request forgery (SSRF) in Apache Batik
2022-01-06 20:35:54
CVE-2020-11987
2021-02-24 18:15:11
CVE-2019-17566
2020-11-12 18:15:12
cve
cve
CVE-2020-11987
2021-02-24 18:15:00
CVE-2019-17566
2020-11-12 18:15:00
cvelist
cvelist
CVE-2020-11987
2021-02-24 00:00:00
CVE-2019-17566
2020-11-12 00:00:00
github
github
Server-side request forgery (SSRF) in Apache Batik
2022-01-06 20:35:54
Server-side request forgery (SSRF) in Apache Batik
2022-02-09 00:46:46
redhatcve
redhatcve
CVE-2020-11987
2021-03-01 19:03:16
CVE-2019-17566
2020-06-18 15:55:19
nessus
nessus
IBM WebSphere Application Server 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.5 SSRF (CVE-2019-17566)
2020-10-30 00:00:00
openSUSE Security Update : xmlgraphics-batik (openSUSE-2020-851)
2020-07-20 00:00:00
Fedora 33 : batik (2021-33a1b73e48)
2021-04-16 00:00:00
debiancve
debiancve
CVE-2020-11987
2021-02-24 18:15:00
CVE-2019-17566
2020-11-12 18:15:00
suse
suse
Security update for xmlgraphics-batik (moderate)
2020-06-23 00:00:00
Security update for xmlgraphics-batik (moderate)
2020-07-23 00:00:00
ubuntu
ubuntu
Apache Batik vulnerabilities
2023-05-30 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2239
2023-10-10 08:57:57
gentoo
gentoo
Apache Batik: Multiple Vulnerabilities
2024-01-07 00:00:00
amazon
amazon
Important: batik
2023-03-02 21:49:00
Important: batik
2023-03-02 20:21:00
debian
debian
[SECURITY] [DLA 3619-1] batik security update
2023-10-14 22:16:56
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00