PT-2023-7054 · Apache+2 · Apache Xml Graphics Batik+2

Julien Lacour · Published 2023-08-22 · Updated 2024-03-08 · CVE-2022-44730

CVSS v3.1: 4.4 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Apache XML Graphics Batik version 1.16

Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability in the Apache XML Graphics Batik library, which is used for working with SVG images. The vulnerability is caused by insufficient checking of incoming requests. Exploiting it allows an attacker to perform an SSRF attack that can probe user profile/data and send it directly as a parameter to a URL. A malicious SVG can be used to exploit this vulnerability.

Recommendations: For Apache XML Graphics Batik version 1.16, consider disabling the processing of SVG images until a patch is available. Restrict access to the vulnerable library to minimize the risk of exploitation. Avoid using the library to process untrusted SVG images until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
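Added example, not code from this advisory or from the Batik project: where SVG processing cannot be disabled outright, one defense-in-depth step is to parse the file with a Batik UserAgent whose external-resource and script policies refuse every load, so that a URL reference inside a malicious SVG cannot cause an outbound request from the server. The class names are Batik's public bridge API as shipped in the 1.x line (recalled from that API, not taken from this page); the input path and document URI are constructed placeholders.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;

import org.apache.batik.anim.dom.SAXSVGDocumentFactory;
import org.apache.batik.bridge.BridgeContext;
import org.apache.batik.bridge.DocumentLoader;
import org.apache.batik.bridge.ExternalResourceSecurity;
import org.apache.batik.bridge.GVTBuilder;
import org.apache.batik.bridge.NoLoadExternalResourceSecurity;
import org.apache.batik.bridge.NoLoadScriptSecurity;
import org.apache.batik.bridge.ScriptSecurity;
import org.apache.batik.bridge.UserAgent;
import org.apache.batik.bridge.UserAgentAdapter;
import org.apache.batik.gvt.GraphicsNode;
import org.apache.batik.util.ParsedURL;
import org.apache.batik.util.XMLResourceDescriptor;
import org.w3c.dom.svg.SVGDocument;

/** Builds the rendering tree for an untrusted SVG with every external load and script refused. */
public final class LockedDownSvgLoader {

    /** UserAgent whose security policies deny all external resources and all scripts. */
    static final class DenyAllUserAgent extends UserAgentAdapter {
        @Override
        public ExternalResourceSecurity getExternalResourceSecurity(ParsedURL resourceURL, ParsedURL docURL) {
            // Any fetch of a URL referenced from the SVG (images, filters, stylesheets, fonts)
            // is refused with a SecurityException instead of being issued from this host.
            return new NoLoadExternalResourceSecurity();
        }

        @Override
        public ScriptSecurity getScriptSecurity(String scriptType, ParsedURL scriptURL, ParsedURL docURL) {
            return new NoLoadScriptSecurity(scriptType);
        }
    }

    /** Parses svgFile and builds its GVT tree; a refused load surfaces as an exception from build(). */
    public static GraphicsNode build(Path svgFile) throws Exception {
        String parser = XMLResourceDescriptor.getXMLParserClassName();
        SAXSVGDocumentFactory factory = new SAXSVGDocumentFactory(parser);
        SVGDocument doc;
        try (InputStream in = Files.newInputStream(svgFile)) {
            // Constructed placeholder URI: it only anchors relative references inside the document.
            doc = factory.createSVGDocument("file:///untrusted/" + svgFile.getFileName(), in);
        }
        UserAgent ua = new DenyAllUserAgent();
        BridgeContext ctx = new BridgeContext(ua, new DocumentLoader(ua));
        ctx.setDynamicState(BridgeContext.STATIC); // no animation or scripting engine
        return new GVTBuilder().build(ctx, doc);
    }
}
```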

Weakness Enumeration

SSRF

Related Identifiers

BDU:2023-08076
CVE-2022-44730
DLA-3619-1
GHSA-2474-2566-3QXP
OESA-2023-1651
OPENSUSE-SU-2024:13743-1
OPENSUSE-SU-2024_0808-1
SUSE-SU-2024:0777-1
SUSE-SU-2024:0808-1

Affected Products

Apache Xml Graphics Batik
Astra Linux
Suse