Name of the Vulnerable Software and Affected Versions:

Apache XML Graphics Batik version 1.16

Description:

The issue is related to a Server-Side Request Forgery (SSRF) vulnerability in Apache XML Graphics Batik. This vulnerability can be exploited by a malicious SVG, which could trigger the loading of external resources by default, causing resource consumption or, in some cases, information disclosure.

Recommendations:

For Apache XML Graphics Batik version 1.16, upgrade to version 1.17 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable component to minimize the risk of exploitation. Avoid using the vulnerable version of Apache XML Graphics Batik until the issue is resolved.