List: oss-security
Subject: [oss-security] Re: [CVE-2022-44729] Apache Batik information disclosure vulnerability
From: Nbxiglk <fibr3s () gmail ! com>
Date: 2023-08-22 8:07:16
Message-ID: CANQTYRkmodXOwJNCV=gBLOG-usBYxdr1zQdEuQmUSp_1C2Yz=w () mail ! gmail ! com
Hi, the vuln type inside the email seems to be incorrect; it should be SSRF.

Simon Steiner <simonsteiner1984@gmail.com> wrote on Tue, Aug 22, 2023 at 16:00:
> CVE-2022-44729:
> Apache Batik information disclosure vulnerability
>
> Severity:
> Medium
>
> Vendor:
> The Apache Software Foundation
>
> Versions Affected:
> Batik 1.0 - 1.16
>
> Description:
> Block loading external resource by default
>
> Mitigation:
> Users should upgrade to Batik 1.17
>
> Credit:
> This issue was independently reported by nbxiglk
>
> References:
> http://xmlgraphics.apache.org/security.html
> https://issues.apache.org/jira/browse/BATIK-1349
>
> The Apache XML Graphics team.