Severity |
|
Remote |
|
Type |
- |
Unknown |
+ |
Url request injection |
|
Description |
+ |
The Apache Batik library before version 1.14 is vulnerable to server-side request forgery (SSRF) via the NodePickerPanel that allow an attacker to cause the underlying server to make arbitrary GET requests. |
|
References |
+ |
https://www.openwall.com/lists/oss-security/2021/02/24/2 |
+ |
https://xmlgraphics.apache.org/security.html |
+ |
https://issues.apache.org/jira/browse/BATIK-1284 |
+ |
https://svn.apache.org/viewvc?view=revision&revision=1878396 |
|
Notes |
|