CVE-2022-44729

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache XML Graphics Batik version 1.16

Description The issue is related to a Server-Side Request Forgery (SSRF) vulnerability in Apache XML Graphics Batik. This vulnerability can be exploited by a malicious SVG, which could trigger the loading of external resources by default, causing resource consumption or, in some cases, information disclosure.

Recommendations For Apache XML Graphics Batik version 1.16, upgrade to version 1.17 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable component to minimize the risk of exploitation. Avoid using the vulnerable version of Apache XML Graphics Batik until the issue is resolved.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

BDU:2023-08042

CVE-2022-44729

DLA-3619-1

GHSA-GQ5F-XV48-2365

OESA-2023-1651

OPENSUSE-SU-2024:13743-1

OPENSUSE-SU-2024_0808-1

SUSE-SU-2024:0777-1

SUSE-SU-2024:0808-1

Affected Products

Apache Xml Graphics Batik

Astra Linux

Suse

CVE-2022-44729

Weakness Enumeration

Related Identifiers

Affected Products

References · 54