126 matches found
Exploit for CVE-2023-21939
JDK CVE-2023-21939 文章链接https://mp.weixin.qq.com/s?biz=M...
Server-Side Request Forgery (SSRF)
Apache XML Graphics Batik is vulnerable to Server-Side Request Forgery SSRF. An attacker is able to trick the application into loading a malicious SVG file, which could then be used to cause excess resource consumption or make unauthorized requests to other systems...
CVE-2022-44729
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...
CVE-2022-44729
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...
CVE-2022-44730
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...
CVE-2022-44729
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...
CVE-2022-44729 Apache XML Graphics Batik: Information disclosure vulnerability
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...
CVE-2022-44730
CVE-2022-44730 is a Server-Side Request Forgery (SSRF) in Apache XML Graphics Batik (affected version: 1.16). A malicious SVG can probe user data and send it as a parameter to a URL; advisories (IBM bulletin, ALAS-2025-2801, Amazon Linux advisories) identify this alongside CVE-2022-44729 and reco...
batik: Server-Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14...
batik: Server-Side Request Forgery
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14...
batik: Untrusted code execution in Apache XML Graphics Batik
A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript...
Oracle Business Process Management Suite (Apr 2023 CPU)
The version of Oracle Business Process Management Suite installed on the remote host is affected by multiple vulnerabilities, as referenced in the April 2023 CPU advisory. Specifically: - Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java...
CVE-2022-42890
A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript...
Amazon Linux 2 : batik (ALAS-2023-1966)
The version of batik installed on the remote host is prior to 1.8-0.12.svn1230816. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1966 advisory. Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the...
Amazon Linux AMI : batik (ALAS-2023-1695)
The version of batik installed on the remote host is prior to 1.7-10.10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1695 advisory. Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel...
Important: batik
Issue Overview: Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
SUSE CVE-2022-38398
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14...
SUSE CVE-2022-38648
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14...
SUSE CVE-2022-40146
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14...