oss-sec mailing list archives
[CVE-2020-11987] Apache XML Graphics Batik SSRF vulnerability
From: "Simon Steiner" <simonsteiner1984 () gmail com>
Date: Wed, 24 Feb 2021 12:01:06 -0000
CVE-2020-11987: Apache XML Graphics Batik SSRF vulnerability Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Batik 1.13 and earlier Description: The Apache Batik library is vulnerable to SSRF via the NodePickerPanel that allow an attacker to cause the underlying server to make arbitrary GET requests. Mitigation: Users should upgrade to Batik 1.13 or later Credit: This issue was independently reported by 张相浩 References: http://xmlgraphics.apache.org/security.html The Apache XML Graphics team.
Current thread:
- [CVE-2020-11987] Apache XML Graphics Batik SSRF vulnerability Simon Steiner (Feb 24)