
List:       oss-security
Subject:    [oss-security] Re: [CVE-2022-44729] Apache Batik information disclosure vulnerability
From:       Nbxiglk <fibr3s () gmail ! com>
Date:       2023-08-22 8:07:16
Message-ID: CANQTYRkmodXOwJNCV=gBLOG-usBYxdr1zQdEuQmUSp_1C2Yz=w () mail ! gmail ! com


Hi, the vuln type inside the email seems to be incorrect, it should be SSRF.

Simon Steiner <simonsteiner1984@gmail.com> wrote on Tue, Aug 22, 2023 at 16:00:

> CVE-2022-44729:
>         Apache Batik information disclosure vulnerability
>
> Severity:
>         Medium
>
> Vendor:
>         The Apache Software Foundation
>
> Versions Affected:
>         Batik 1.0 - 1.16
>
> Description:
>         Block loading external resource by default
>
> Mitigation:
>         Users should upgrade to Batik 1.17
>
> Credit:
>         This issue was independently reported by nbxiglk
>
> References:
>         http://xmlgraphics.apache.org/security.html
>         https://issues.apache.org/jira/browse/BATIK-1349
>
> The Apache XML Graphics team.