Google Git
Sign in
apache / security-site / 4e3c5c7d55beb8b719196abf8c828659b4350896 / . / static / projects / xmlgraphics / CVE-2022-44730.cve.json
blob: 412a4aff76cff428255a09ee53c42fec7ffdc13a [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
},
"title": "Information disclosure vulnerability",
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"cweId": "CWE-918",
"type": "CWE"
}
]
}
],
"source": {
"defect": [
"BATIK-1347"
],
"discovery": "UNKNOWN"
},
"affected": [
{
"vendor": "Apache Software Foundation",
"product": "Apache XML Graphics Batik",
"versions": [
{
"status": "affected",
"version": "1.16"
}
],
"defaultStatus": "unaffected"
}
],
"descriptions": [
{
"value": "Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.\n\nA malicious SVG can probe user profile / data and send it directly as parameter to a URL.\n\n",
"lang": "en",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.<p>This issue affects Apache XML Graphics Batik: 1.16.<br></p><p>A malicious SVG can probe user profile / data and send it directly as parameter to a URL.<br></p>"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0",
"tags": [
"vendor-advisory"
]
},
{
"url": "https://xmlgraphics.apache.org/security.html"
}
],
"metrics": [
{
"other": {
"type": "Textual description of severity",
"content": {
"text": "moderate"
}
}
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"cveId": "CVE-2022-44730",
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"serial": 1,
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}