oss-sec mailing list archives
Re: [CVE-2022-44729] Apache Batik information disclosure vulnerability
From: Nbxiglk <fibr3s () gmail com>
Date: Tue, 22 Aug 2023 16:07:16 +0800
Hi,The vuln type inside the email seems to be incorrect, it should be SSRF。 Simon Steiner <simonsteiner1984 () gmail com> 于2023年8月22日周二 16:00写道:
CVE-2022-44729: Apache Batik information disclosure vulnerability Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Batik 1.0 - 1.16 Description: Block loading external resource by default Mitigation: Users should upgrade to Batik 1.17 Credit: This issue was independently reported by nbxiglk References: http://xmlgraphics.apache.org/security.html https://issues.apache.org/jira/browse/BATIK-1349 The Apache XML Graphics team.
Current thread:
- [CVE-2022-44729] Apache Batik information disclosure vulnerability Simon Steiner (Aug 22)
- Re: [CVE-2022-44729] Apache Batik information disclosure vulnerability Nbxiglk (Aug 22)