Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-918
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| apache | xml_graphics_batik | * | <built-in method update of dict object at 0x72a9b0b6b240> | Application |
| debian | debian_linux | 10.0 | <built-in method update of dict object at 0x72a9ccd2b540> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:apache:xml_graphics_batik:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |