Moderate severityNVD Advisory· Published Aug 22, 2023· Updated Feb 13, 2025
Apache XML Graphics Batik: Information disclosure vulnerability
CVE-2022-44730
Description
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.
A malicious SVG can probe user profile / data and send it directly as parameter to a URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.xmlgraphics:batik-scriptMaven | >= 1.0, < 1.17 | 1.17 |
Affected products
5- ghsa-coords4 versionspkg:maven/org.apache.xmlgraphics/batik-scriptpkg:rpm/opensuse/xmlgraphics-batik&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
>= 1.0, < 1.17+ 3 more
- (no CPE)range: >= 1.0, < 1.17
- (no CPE)range: < 1.17-150200.4.7.1
- (no CPE)range: < 1.17-150200.4.7.1
- (no CPE)range: < 1.17-2.7.1
- Range: 1.16
Patches
Vulnerability mechanics
References
11- github.com/advisories/GHSA-2474-2566-3qxpghsaADVISORY
- lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0ghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2022-44730ghsaADVISORY
- www.openwall.com/lists/oss-security/2023/08/22/3ghsaWEB
- www.openwall.com/lists/oss-security/2023/08/22/5ghsaWEB
- github.com/apache/xmlgraphics-batik/commit/64658ccda90deaf6bf5f5b4d4a2ec365fe648bfaghsaWEB
- github.com/apache/xmlgraphics-batik/commit/f9ae69233eadfbd392a4a08a55618f97343b467cghsaWEB
- issues.apache.org/jira/browse/BATIK-1347ghsaWEB
- lists.debian.org/debian-lts-announce/2023/10/msg00021.htmlghsaWEB
- security.gentoo.org/glsa/202401-11ghsaWEB
- xmlgraphics.apache.org/security.htmlghsaWEB
News mentions
0No linked articles in our index yet.