CVE-2020-11987 log

Source
Severity Medium
Remote Yes
Type Url request injection
Description
The Apache Batik library before version 1.14 is vulnerable to server-side request forgery (SSRF) via the NodePickerPanel that allow an attacker to cause the underlying server to make arbitrary GET requests.
Group Package Affected Fixed Severity Status Ticket
AVG-1617 java-batik 1.13-1 1.14-1 Medium Fixed
References
https://www.openwall.com/lists/oss-security/2021/02/24/2
https://xmlgraphics.apache.org/security.html
https://issues.apache.org/jira/browse/BATIK-1284
https://svn.apache.org/viewvc?view=revision&revision=1878396