CVE-2022-38648
Severity: MEDIUM 5.3 | EPSS: 0.22%
Apache Batik vulnerable to Server-Side Request Forgery
Published: 2022/9/23 | Modified: 2025/11/3
Description
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik Bridge versions 1.14 and below.
Affected packages (3)
- Debian/batik: from 0, < 1.12-4+deb11u3
- Maven/org.apache.xmlgraphics:batik: from 0, < 1.15
- Maven/org.apache.xmlgraphics:batik-bridge: from 0, < 1.15
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
References (9)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2022-38648
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2022-38648
- PATCH: https://github.com/apache/xmlgraphics-batik
- WEB: https://github.com/apache/xmlgraphics-batik/commit/996aa8897c208be11ce65cef00c9576a299b2637
- WEB: https://issues.apache.org/jira/browse/BATIK-1333
- WEB: https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b
- WEB: https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html
- WEB: https://lists.debian.org/debian-lts-announce/2025/07/msg00006.html
- WEB: https://security.gentoo.org/glsa/202401-11