CVE-2022-40146
Published 2022-09-22
High 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | batik | — | — |
| apache | batik | >= 0 < 1.12-4+deb11u3 | 1.12-4+deb11u3 |
| apache | batik | >= 0 < 1.15+dfsg-1 | 1.15+dfsg-1 |
| apache | batik | >= 0 < 1.15+dfsg-1 | 1.15+dfsg-1 |
| apache | batik | >= 0 < 1.15+dfsg-1 | 1.15+dfsg-1 |
| apache | batik | >= 0 < 1.10-2~18.04.1 | 1.10-2~18.04.1 |
| apache | batik | >= 0 < 1.12-1ubuntu0.1 | 1.12-1ubuntu0.1 |
| apache | batik | >= 0 < 1.14-1ubuntu0.2 | 1.14-1ubuntu0.2 |
| apache | batik | >= 0 < 1.7.ubuntu-8ubuntu2.14.04.3+esm1 | 1.7.ubuntu-8ubuntu2.14.04.3+esm1 |
| apache | batik | >= 0 < 1.8-3ubuntu1+esm1 | 1.8-3ubuntu1+esm1 |
| apache_software_foundation | apache_xml_graphics | — | — |
| atlassian | jira_software | — | — |
| debian | batik | < batik 1.15+dfsg-1 (bookworm) | batik 1.15+dfsg-1 (bookworm) |
| debian | debian_linux | — | — |
CVSS provenance
nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv: 7.5 HIGH