PT-2023-7021 · Apache · Apache Xml Graphics Batik

Nbxiglk · Published 2023-08-22 · Updated 2024-03-08 · CVE-2022-44729

CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Apache XML Graphics Batik version 1.16

Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability in Apache XML Graphics Batik. A malicious SVG can exploit it because, by default, Batik loads the external resources an SVG references; this can cause resource consumption or, in some cases, information disclosure.

Recommendations: For Apache XML Graphics Batik version 1.16, upgrade to version 1.17 or later to resolve the issue. As a temporary workaround, restrict the use of the vulnerable component to minimize the risk of exploitation, and avoid using the vulnerable version of Apache XML Graphics Batik until the issue is resolved.

Fix

SSRF


Weakness Enumeration

Related identifiers

BDU:2023-08042
CVE-2022-44729
DLA-3619-1
GHSA-GQ5F-XV48-2365
OESA-2023-1651
OPENSUSE-SU-2024:13743-1
OPENSUSE-SU-2024_0808-1
SUSE-SU-2024:0777-1
SUSE-SU-2024:0808-1

Affected products

Apache Xml Graphics Batik
Astra Linux
Suse