CVE-2022-38648

CWE-918 — Server-Side Request Forgery (SSRF)9 documents7 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 54.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache XML Graphics Apache Batik Debian Debian Linux

Timeline

PublishedSep 22

Latest updateMay 30

Description

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages6 packages

▶Mavenorg.apache.xmlgraphics:batik< 1.15

▶Mavenorg.apache.xmlgraphics:batik-bridge< 1.15

▶NVDapache/batik1.14

▶CVEListV5apache_software_foundation/apache_xml_graphicsBatik 1.14

▶Debianbatik< 1.12-4+deb11u3+3

Also affects: Debian Linux 10.0

🔴Vulnerability Details

OSV

batik vulnerabilities↗2023-05-30

▶

GHSA

Apache Batik vulnerable to Server-Side Request Forgery↗2022-09-23

▶

OSV

Apache Batik vulnerable to Server-Side Request Forgery↗2022-09-23

▶

CVEList

PDFTranscoder does not block external resources↗2022-09-22

▶

OSV

CVE-2022-38648: Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources↗2022-09-22

▶

📋Vendor Advisories

Ubuntu

Apache Batik vulnerabilities↗2023-05-30

▶

Red Hat

batik: Server-Side Request Forgery↗2022-09-22

▶

Debian

CVE-2022-38648: batik - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics...↗2022

▶