List: oss-security
Subject: [oss-security] [CVE-2020-11987] Apache XML Graphics Batik SSRF vulnerability
From: "Simon Steiner" <simonsteiner1984 () gmail ! com>
Date: 2021-02-24 12:01:06
Message-ID: 000801d70aa4$bbfa3410$33ee9c30$ () gmail ! com
CVE-2020-11987:
Apache XML Graphics Batik SSRF vulnerability
Severity:
Medium
Vendor:
The Apache Software Foundation
Versions Affected:
Batik 1.13 and earlier
Description:
The Apache Batik library is vulnerable to SSRF via the NodePickerPanel, which allows an
attacker to cause the underlying server to make arbitrary GET requests.
Mitigation:
Users should upgrade to Batik 1.13 or later
Credit:
This issue was independently reported by 张相浩
References:
http://xmlgraphics.apache.org/security.html
The Apache XML Graphics team.