SSRF (Server-Side Request Forgery) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server

This High severity org.apache.xmlgraphics:batik-bridge Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-bridge Dependency vulnerability, with a CVSS...

Server-Side Request Forgery

org.apache.xmlgraphics:batik-bridge is vulnerable to server-side request forgery. The vulnerability exists in the createImageGraphicsNode function in SVGImageElementBridge.java because the function logic does not properly restrict external resources, which allows remote attackers to cause SSRF...