CVE-2020-11987 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Url request injection
Description	The Apache Batik library before version 1.14 is vulnerable to server-side request forgery (SSRF) via the NodePickerPanel that allow an attacker to cause the underlying server to make arbitrary GET requests.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1617	java-batik	1.13-1	1.14-1	Medium	Fixed

References
https://www.openwall.com/lists/oss-security/2021/02/24/2 https://xmlgraphics.apache.org/security.html https://issues.apache.org/jira/browse/BATIK-1284 https://svn.apache.org/viewvc?view=revision&revision=1878396

References

https://www.openwall.com/lists/oss-security/2021/02/24/2
https://xmlgraphics.apache.org/security.html
https://issues.apache.org/jira/browse/BATIK-1284
https://svn.apache.org/viewvc?view=revision&revision=1878396