PT-2022-24497 · Apache+5 · Apache Xml Graphics Batik+5

Adam Rauch · Published 2022-09-22 · Updated 2025-07-20 · CVE-2022-38648

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Apache XML Graphics Batik version 1.14
Description: A Server-Side Request Forgery (SSRF) issue allows an attacker to fetch external resources. This can be exploited by an attacker to access resources that should not be accessible.
Recommendations: For Apache XML Graphics Batik version 1.14, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SSRF

Weakness Enumeration

Related Identifiers

CVE-2022-38648
DLA-3619-1
DLA-4243-1
GHSA-53JM-3HC9-FQQC
MGASA-2024-0068
OESA-2023-1651
OPENSUSE-SU-2024:12363-1
SUSE-SU-2024:0777-1
USN-6117-1

Affected Products

Apache XML Graphics Batik
Astra Linux
Debian
Linux Mint
SUSE
Ubuntu