Moderate severityNVD Advisory· Published Sep 22, 2022· Updated Nov 3, 2025
Server-Side Request Forgery Information Disclosure Vulnerability
CVE-2022-38398
Description
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.xmlgraphics:batikMaven | >= 1.14, < 1.15 | 1.15 |
org.apache.xmlgraphics:batik-bridgeMaven | >= 1.14, < 1.15 | 1.15 |
Affected products
4- ghsa-coords3 versionspkg:maven/org.apache.xmlgraphics/batikpkg:maven/org.apache.xmlgraphics/batik-bridgepkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
>= 1.14, < 1.15+ 2 more
- (no CPE)range: >= 1.14, < 1.15
- (no CPE)range: >= 1.14, < 1.15
- (no CPE)range: < 1.17-2.7.1
- Apache Software Foundation/Apache XML Graphicsv5Range: Batik 1.14
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-c5xv-qc8p-mh2vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-38398ghsaADVISORY
- security.gentoo.org/glsa/202401-11ghsavendor-advisoryWEB
- issues.apache.org/jira/browse/BATIK-1331ghsaWEB
- lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsxghsaWEB
- lists.debian.org/debian-lts-announce/2023/10/msg00021.htmlghsamailing-listWEB
- lists.debian.org/debian-lts-announce/2025/07/msg00006.htmlghsaWEB
News mentions
0No linked articles in our index yet.