oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [CVE-2022-44729] Apache Batik information disclosure vulnerability

From: Nbxiglk <fibr3s () gmail com>
Date: Tue, 22 Aug 2023 16:07:16 +0800
Hi,The vuln type inside the email seems to be incorrect, it should be SSRF。

Simon Steiner <simonsteiner1984 () gmail com> 于2023年8月22日周二 16:00写道:


CVE-2022-44729:
        Apache Batik information disclosure vulnerability

Severity:
        Medium

Vendor:
        The Apache Software Foundation

Versions Affected:
        Batik 1.0 - 1.16

Description:
        Block loading external resource by default

Mitigation:
        Users should upgrade to Batik 1.17

Credit:
        This issue was independently reported by nbxiglk

References:
        http://xmlgraphics.apache.org/security.html
        https://issues.apache.org/jira/browse/BATIK-1349

The Apache XML Graphics team.
Previous By Date Next
Previous By Thread Next

Current thread: