CVE-2022-38648
published 2022-09-22CVE-2022-38648: Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML…
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | batik | — | — |
| apache | batik | >= 0 < 1.12-4+deb11u3 | 1.12-4+deb11u3 |
| apache | batik | >= 0 < 1.15+dfsg-1 | 1.15+dfsg-1 |
| apache | batik | >= 0 < 1.15+dfsg-1 | 1.15+dfsg-1 |
| apache | batik | >= 0 < 1.15+dfsg-1 | 1.15+dfsg-1 |
| apache | batik | >= 0 < 1.10-2~18.04.1 | 1.10-2~18.04.1 |
| apache | batik | >= 0 < 1.12-1ubuntu0.1 | 1.12-1ubuntu0.1 |
| apache | batik | >= 0 < 1.14-1ubuntu0.2 | 1.14-1ubuntu0.2 |
| apache | batik | >= 0 < 1.7.ubuntu-8ubuntu2.14.04.3+esm1 | 1.7.ubuntu-8ubuntu2.14.04.3+esm1 |
| apache | batik | >= 0 < 1.8-3ubuntu1+esm1 | 1.8-3ubuntu1+esm1 |
| apache_software_foundation | apache_xml_graphics | — | — |
| debian | batik | < batik 1.15+dfsg-1 (bookworm) | batik 1.15+dfsg-1 (bookworm) |
| debian | debian_linux | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
osv7.5HIGH