
List:       oss-security
Subject:    [oss-security] [CVE-2020-11987] Apache XML Graphics Batik SSRF vulnerability
From:       "Simon Steiner" <simonsteiner1984 () gmail ! com>
Date:       2021-02-24 12:01:06
Message-ID: 000801d70aa4$bbfa3410$33ee9c30$ () gmail ! com

CVE-2020-11987:
        Apache XML Graphics Batik SSRF vulnerability

Severity:
        Medium

Vendor:
        The Apache Software Foundation

Versions Affected:
        Batik 1.13 and earlier

Description:
        The Apache Batik library is vulnerable to SSRF via the
        NodePickerPanel that allows an attacker to cause the underlying
        server to make arbitrary GET requests.

Mitigation:
        Users should upgrade to Batik 1.13 or later

Credit:
        This issue was independently reported by 张相浩

References:
        http://xmlgraphics.apache.org/security.html

The Apache XML Graphics team.


