Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as a parameter to a URL.

References:
https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0
https://xmlgraphics.apache.org/security.html
http://www.openwall.com/lists/oss-security/2023/08/22/3
http://www.openwall.com/lists/oss-security/2023/08/22/5
Versions Affected: Batik 1.0 - 1.16

References:
https://issues.apache.org/jira/browse/BATIK-1347
https://github.com/advisories/GHSA-2474-2566-3qxp
https://github.com/apache/xmlgraphics-batik/commit/f9ae69233eadfbd392a4a08a55618f97343b467c
Created batik tracking bugs for this issue: Affects: fedora-all [bug 2234660]
This issue has been addressed in the following products:

RHINT Camel-Springboot 4.0.0

Via RHSA-2023:5441 https://access.redhat.com/errata/RHSA-2023:5441
This issue has been addressed in the following products:

RHPAM 7.13.5 async

Via RHSA-2024:1353 https://access.redhat.com/errata/RHSA-2024:1353