CVE-2022-44729
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.
On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.
| Software | From | Fixed in |
|---|---|---|
org.apache.xmlgraphics / batik-bridge
|
1.0 | 1.17 |
|
org.apache.xmlgraphics / batik-svgrasterizer
|
1.0 | 1.17 |
|
org.apache.xmlgraphics / batik-transcoder
|
1.0 | 1.17 |
| apache / xml_graphics_batik | 1.0 | 1.16.x |
| debian / debian_linux | 10.0 | 10.0.x |
- http://www.openwall.com/lists/oss-security/2023/08/22/2
- http://www.openwall.com/lists/oss-security/2023/08/22/4
- https://github.com/apache/xmlgraphics-batik/commit/85b3457d9902f64d5d409a8da060d5ba47d0b69b
- https://github.com/apache/xmlgraphics-batik/commit/aaa1dd3e6b5a7df781d73e0c37a1df6a8f318893
- https://issues.apache.org/jira/browse/BATIK-1349
- https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2
- https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html
- https://security.gentoo.org/glsa/202401-11
- https://xmlgraphics.apache.org/security.html
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime