Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

References

lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx

lists.debian.org/debian-lts-announce/2023/10/msg00021.html

security.gentoo.org/glsa/202401-11

osv 3

github 1

debiancve 1

zdi 1

cve 1

redhatcve 1

prion 1

cvelist 1

cnvd 1

veracode 1

ubuntucve 1

ibm 10

mageia 1

openvas 3

amazon 2

nessus 6

debian 1

ubuntu 1

gentoo 1

redhat 2

oracle 2

osv

Apache Batik Server-Side Request Forgery

2022-09-23 00:00:39

batik - security update

2023-10-14 00:00:00

batik vulnerabilities

2023-05-30 14:31:05

github

Apache Batik Server-Side Request Forgery

2022-09-23 00:00:39

debiancve

CVE-2022-38398

2022-09-22 15:15:00

zdi

Apache Batik DefaultExternalResourceSecurity Server-Side Request Forgery Information Disclosure Vulnerability

2022-10-04 00:00:00

cve

CVE-2022-38398

2022-09-22 15:15:00

redhatcve

CVE-2022-38398

2022-12-20 17:05:08

prion

Server side request forgery (ssrf)

2022-09-22 15:15:00

cvelist

CVE-2022-38398 Server-Side Request Forgery Information Disclosure Vulnerability

2022-09-22 00:00:00

cnvd

Apache XML Graphics Batik Server-Side Request Forgery Vulnerability (CNVD-2022-73693)

2022-09-26 00:00:00

veracode

Server-Side Request Forgery

2022-09-26 12:09:46

ubuntucve

CVE-2022-38398

2022-09-22 00:00:00

ibm

Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Jazz Reporting Service (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)

2023-10-04 10:44:16

Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)

2023-05-02 07:45:16

Security Bulletin: The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixe for CVE-2022-40146, CVE-2022-38648, CVE-2022-38398 for batik-bridge-1.7.jar (Publicly disclosed vulnerability found by Mend)

2023-07-13 10:57:51

mageia

Updated batik packages fix security vulnerabilities

2024-03-16 19:28:17

openvas

Mageia: Security Advisory (MGASA-2024-0068)

2024-03-18 00:00:00

Debian: Security Advisory (DLA-3619-1)

2023-10-16 00:00:00

Ubuntu: Security Advisory (USN-6117-1)

2023-05-31 00:00:00

amazon

Important: batik

2023-03-02 21:49:00

Important: batik

2023-03-02 20:21:00

nessus

Amazon Linux 2 : batik (ALAS-2023-1966)

2023-03-07 00:00:00

Amazon Linux AMI : batik (ALAS-2023-1695)

2023-03-07 00:00:00

Debian DLA-3619-1 : batik - LTS security update

2023-10-14 00:00:00

debian

[SECURITY] [DLA 3619-1] batik security update

2023-10-14 22:16:56

ubuntu

Apache Batik vulnerabilities

2023-05-30 00:00:00

gentoo

Apache Batik: Multiple Vulnerabilities

2024-01-07 00:00:00

redhat

(RHSA-2023:3954) Critical: Red Hat Fuse 7.12 release and security update

2023-06-29 20:05:32

(RHSA-2023:2100) Important: Red Hat Integration Camel for Spring Boot 3.20.1 security update

2023-05-03 14:03:49

oracle

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

6.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.5%

JSON

Related for OSV:CVE-2022-38398