2 matches found
bio.ferlab:obo-parser_2.12 (=1.3.1), camp.xit.jacod:jacod-provider-xlsx (>=1.3.5 <=1.3.7) +536 more potentially affected by CVE-2022-44729 via org.apache.xmlgraphics:batik-svgrasterizer (>=1.10 <=1.16)
org.apache.xmlgraphics:batik-svgrasterizer MAVEN version =1.10, =1.3.5, =1.1.0, =2021.8.0, =4.20.0, =0.0.1, =1.0.0, =2.0.2, =2.0.2, =2.1.0, =3-BETA9, =3.0.0-beta3 and more Source cves: CVE-2022-44729 Source advisory: OSV:GHSA-GQ5F-XV48-2365...
Server-side Request Forgery (SSRF)
batik-svgrasterizer is vulnerable to server-side request forgery (SSRF). It does not prevent an attacker from making malicious GET requests on behalf of the server through the use of xlink:href attributes, which allows access to internal resources...