CVE-2022-38398
published 2022-09-22

Medium 5.3 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a URL through the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

Affected

13 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| apache | batik | | |
| apache | batik | >= 0 < 1.12-4+deb11u3 | 1.12-4+deb11u3 |
| apache | batik | >= 0 < 1.15+dfsg-1 | 1.15+dfsg-1 |
| apache | batik | >= 0 < 1.15+dfsg-1 | 1.15+dfsg-1 |
| apache | batik | >= 0 < 1.15+dfsg-1 | 1.15+dfsg-1 |
| apache | batik | >= 0 < 1.10-2~18.04.1 | 1.10-2~18.04.1 |
| apache | batik | >= 0 < 1.12-1ubuntu0.1 | 1.12-1ubuntu0.1 |
| apache | batik | >= 0 < 1.14-1ubuntu0.2 | 1.14-1ubuntu0.2 |
| apache | batik | >= 0 < 1.7.ubuntu-8ubuntu2.14.04.3+esm1 | 1.7.ubuntu-8ubuntu2.14.04.3+esm1 |
| apache | batik | >= 0 < 1.8-3ubuntu1+esm1 | 1.8-3ubuntu1+esm1 |
| apache_software_foundation | apache_xml_graphics | | |
| debian | batik | < batik 1.15+dfsg-1 (bookworm) | batik 1.15+dfsg-1 (bookworm) |
| debian | debian_linux | | |

CVSS provenance

nvd: v3.1, 5.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
osv: 7.5 HIGH