CVE-2022-44730 - Server-Side Request Forgery (SSRF) vulnerability in multiple products
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: LOW
Availability impact: NONE
Summary
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as a parameter to a URL.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 1 |
Common Weakness Enumeration (CWE)
References
- https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0
- https://xmlgraphics.apache.org/security.html
- http://www.openwall.com/lists/oss-security/2023/08/22/3
- http://www.openwall.com/lists/oss-security/2023/08/22/5
- https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html
- https://security.gentoo.org/glsa/202401-11