High severityNVD Advisory· Published Nov 12, 2020· Updated Aug 5, 2024
CVE-2019-17566
CVE-2019-17566
Description
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.xmlgraphics:batikMaven | < 1.13 | 1.13 |
Affected products
7- Apache/Batikdescription
- ghsa-coords6 versionspkg:maven/org.apache.xmlgraphics/batikpkg:rpm/opensuse/xmgraphics-batik&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/xmlgraphics-batik&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Package%20Hub%2015%20SP1
< 1.13+ 5 more
- (no CPE)range: < 1.13
- (no CPE)range: < 1.14-2.5
- (no CPE)range: < 1.9-lp151.6.3.1
- (no CPE)range: < 1.8-3.3.1
- (no CPE)range: < 1.8-3.3.1
- (no CPE)range: < 1.9-bp151.2.3.1
Patches
Vulnerability mechanics
References
16- github.com/advisories/GHSA-cmx4-p4v5-hmr5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-17566ghsaADVISORY
- security.gentoo.org/glsa/202401-11ghsavendor-advisoryWEB
- github.com/apache/xmlgraphics-batik/commit/bc6078ca949039e2076cd08b4cb169c84c1179b1ghsaWEB
- issues.apache.org/jira/browse/BATIK-1276ghsaWEB
- lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171%40%3Ccommits.myfaces.apache.org%3Eghsamailing-listWEB
- lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171@%3Ccommits.myfaces.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509%40%3Ccommits.myfaces.apache.org%3Eghsamailing-listWEB
- lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509@%3Ccommits.myfaces.apache.org%3EghsaWEB
- www.oracle.com//security-alerts/cpujul2021.htmlghsaWEB
- www.oracle.com/security-alerts/cpuApr2021.htmlghsaWEB
- www.oracle.com/security-alerts/cpujan2021.htmlghsaWEB
- www.oracle.com/security-alerts/cpujan2022.htmlghsaWEB
- www.oracle.com/security-alerts/cpujul2022.htmlghsaWEB
- www.oracle.com/security-alerts/cpuoct2021.htmlghsaWEB
- xmlgraphics.apache.org/security.htmlghsaWEB
News mentions
0No linked articles in our index yet.