Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

References

lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx

lists.debian.org/debian-lts-announce/2023/10/msg00021.html

security.gentoo.org/glsa/202401-11

veracode 1

atlassian 2

nessus 7

osv 3

githubexploit 1

redhatcve 1

github 1

ubuntucve 1

cvelist 1

cve 1

debiancve 1

zdi 1

prion 1

cnvd 1

ibm 11

mageia 1

openvas 3

amazon 2

debian 1

ubuntu 1

gentoo 1

redhat 2

oracle 3

veracode

Server-Side Request Forgery

2022-09-26 12:42:58

atlassian

SSRF (Server-Side Request Forgery) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server

2024-02-14 10:47:23

SSRF org.apache.xmlgraphics:batik-bridge in Confluence Data Center and Server

2023-11-03 00:46:20

nessus

Atlassian Confluence 7.13.x / 7.19.x < 7.19.16 (CONFSERVER-93178)

2023-11-22 00:00:00

Amazon Linux AMI : batik (ALAS-2023-1695)

2023-03-07 00:00:00

Debian DLA-3619-1 : batik - LTS security update

2023-10-14 00:00:00

osv

Apache Batik vulnerable to Server-Side Request Forgery

2022-09-23 00:00:40

batik - security update

2023-10-14 00:00:00

batik vulnerabilities

2023-05-30 14:31:05

githubexploit

Exploit for Server-Side Request Forgery in Apache Batik

2022-11-01 03:41:36

redhatcve

CVE-2022-40146

2022-12-20 17:05:11

github

Apache Batik vulnerable to Server-Side Request Forgery

2022-09-23 00:00:40

ubuntucve

CVE-2022-40146

2022-09-22 00:00:00

cvelist

CVE-2022-40146 Jar url should be blocked by DefaultScriptSecurity

2022-09-22 00:00:00

cve

CVE-2022-40146

2022-09-22 15:15:00

debiancve

CVE-2022-40146

2022-09-22 15:15:00

zdi

Apache Batik DefaultScriptSecurity Server-Side Request Forgery Remote Code Execution Vulnerability

2022-10-04 00:00:00

prion

Server side request forgery (ssrf)

2022-09-22 15:15:00

cnvd

Apache XML Graphics Batik Server-Side Request Forgery Vulnerability

2022-09-26 00:00:00

ibm

Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)

2023-05-02 07:45:16

Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)

2023-05-02 07:44:24

Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Jazz Reporting Service (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)

2023-10-04 10:44:16

mageia

Updated batik packages fix security vulnerabilities

2024-03-16 19:28:17

openvas

Mageia: Security Advisory (MGASA-2024-0068)

2024-03-18 00:00:00

Debian: Security Advisory (DLA-3619-1)

2023-10-16 00:00:00

Ubuntu: Security Advisory (USN-6117-1)

2023-05-31 00:00:00

amazon

Important: batik

2023-03-02 21:49:00

Important: batik

2023-03-02 20:21:00

debian

[SECURITY] [DLA 3619-1] batik security update

2023-10-14 22:16:56

ubuntu

Apache Batik vulnerabilities

2023-05-30 00:00:00

gentoo

Apache Batik: Multiple Vulnerabilities

2024-01-07 00:00:00

redhat

(RHSA-2023:3954) Critical: Red Hat Fuse 7.12 release and security update

2023-06-29 20:05:32

(RHSA-2023:2100) Important: Red Hat Integration Camel for Spring Boot 3.20.1 security update

2023-05-03 14:03:49

oracle

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.9%

JSON

Related for OSV:CVE-2022-40146