| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Url request injection |
|
| Description |
| + |
The Apache Batik library before version 1.14 is vulnerable to server-side request forgery (SSRF) via the NodePickerPanel, which allows an attacker to cause the underlying server to make arbitrary GET requests. |
|
| References |
| + |
https://www.openwall.com/lists/oss-security/2021/02/24/2 |
| + |
https://xmlgraphics.apache.org/security.html |
| + |
https://issues.apache.org/jira/browse/BATIK-1284 |
| + |
https://svn.apache.org/viewvc?view=revision&revision=1878396 |
|
| Notes |
|