Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.
References:
https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2
https://xmlgraphics.apache.org/security.html
http://www.openwall.com/lists/oss-security/2023/08/22/4
http://www.openwall.com/lists/oss-security/2023/08/22/2
Versions Affected: Batik 1.0 - 1.16
References:
https://issues.apache.org/jira/browse/BATIK-1349
https://github.com/advisories/GHSA-gq5f-xv48-2365
https://github.com/apache/xmlgraphics-batik/commit/85b3457d9902f64d5d409a8da060d5ba47d0b69b
https://github.com/apache/xmlgraphics-batik/commit/aaa1dd3e6b5a7df781d73e0c37a1df6a8f318893
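The advisory above describes the risk: an SVG can reference other resources (image, use, and stylesheet URLs), and on Batik 1.16 those references were resolved by default, so an untrusted SVG could make the renderer fetch something from the network or the local filesystem. Upgrading to 1.17 or later is the fix. As an added defense-in-depth example that is not part of this advisory or of Batik itself, the following Python pre-filter scans an SVG for references that would cause a fetch outside the document, so that untrusted uploads can be rejected or logged before they reach a renderer. The attribute names it checks, the regular expression for CSS references, the sample documents, and the host names are all constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# Attribute names (plain and XLink-namespaced) through which an SVG element can
# point at another resource. Assumed set for this example; extend as needed.
REF_ATTRS = {"href", "{http://www.w3.org/1999/xlink}href"}

# A data: URI is inlined in the document; every other scheme leaves it.
LOCAL_SCHEMES = {"data"}

# url(...) in style attributes / <style> blocks and CSS @import pull resources too.
CSS_URL_RE = re.compile(
    r"url\(\s*['\"]?([^'\")]+)['\"]?\s*\)|@import\s+['\"]([^'\"]+)['\"]", re.I
)


def _is_external(ref: str) -> bool:
    """True if resolving `ref` would fetch something outside the SVG itself."""
    ref = ref.strip()
    if not ref or ref.startswith("#"):
        return False  # same-document fragment reference
    scheme, sep, _ = ref.partition(":")
    if not sep:
        return True  # relative path: resolved against the base URL, so a fetch
    return scheme.lower() not in LOCAL_SCHEMES


def find_external_references(svg_text: str) -> list:
    """Return (element_name, reference) pairs for every external reference found.

    The XML parser used here does not expand external entities, so the scan
    itself does not trigger any fetch.
    """
    root = ET.fromstring(svg_text)
    findings = []
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # strip the namespace prefix
        for attr, value in el.attrib.items():
            if attr in REF_ATTRS and _is_external(value):
                findings.append((tag, value))
        css_texts = [el.attrib.get("style", "")]
        if tag == "style" and el.text:
            css_texts.append(el.text)
        for text in css_texts:
            for m in CSS_URL_RE.finditer(text):
                ref = m.group(1) or m.group(2)
                if _is_external(ref):
                    findings.append((tag, ref))
    return findings


def is_safe_to_render(svg_text: str) -> bool:
    """Policy used by this example: reject any SVG with an external reference."""
    return not find_external_references(svg_text)


# Constructed sample documents; the host names are placeholders, not real targets.
MALICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <image xlink:href="http://internal.example/status" width="1" height="1"/>
  <use href="#shape"/>
  <rect id="shape" style="fill: url(#grad)" width="10" height="10"/>
  <style>@import 'http://example.invalid/x.css';</style>
</svg>"""

BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg">
  <circle r="5" fill="url(#g)"/>
</svg>"""

if __name__ == "__main__":
    for name, doc in (("malicious", MALICIOUS_SVG), ("benign", BENIGN_SVG)):
        refs = find_external_references(doc)
        print(name, "safe" if not refs else "REJECT", refs)
```

Note that the filter treats relative paths as external on purpose: a renderer resolves them against a base URL, which is exactly the kind of load the advisory describes. Use it to quarantine or log suspicious uploads; it complements, and does not replace, running a fixed Batik release.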
Created batik tracking bugs for this issue: Affects: fedora-all [bug 2234660]
This issue has been addressed in the following products: RHINT Camel-Springboot 4.0.0 Via RHSA-2023:5441 https://access.redhat.com/errata/RHSA-2023:5441
This issue has been addressed in the following products: RHPAM 7.13.5 async Via RHSA-2024:1353 https://access.redhat.com/errata/RHSA-2024:1353