CVE-2022-44729 org.apache.xmlgraphics:batik-transcoder

Package

Manager: maven
Name: org.apache.xmlgraphics:batik-transcoder
Vulnerable Version: >=1.0 <1.17

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00106 (percentile 0.29318)

Details

Apache XML Graphics Batik Server-Side Request Forgery vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.

Metadata

Created: 2023-08-22T21:30:26Z
Modified: 2025-02-13T19:10:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-gq5f-xv48-2365/GHSA-gq5f-xv48-2365.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-gq5f-xv48-2365
Finding: F100
Auto approve: 1