CVE-2022-38398

CVE	CVE-2022-38398
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-09-22 15:15:00 UTC
Updated	2024-01-07 11:15:00 UTC
Description	Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

Problem Types: CWE-918

Type	Vendor	Product	Version	Update	Edition	Language
Application	Apache	Batik	1.14	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All

Reference	Source	Link	Tags
lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx	MISC	lists.apache.org
GLSA-202401-11		security.gentoo.org
[SECURITY] [DLA 3619-1] batik security update	MLIST	lists.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

182876 Debian Security Update for batik (CVE-2022-38398)
199377 Ubuntu Security Notification for Apache Batik Vulnerabilities (USN-6117-1)
354806 Amazon Linux Security Advisory for batik : ALAS2-2023-1966
354807 Amazon Linux Security Advisory for batik : ALAS-2023-1695
355063 Amazon Linux Security Advisory for batik : AL2012-2023-387
6000250 Debian Security Update for batik (DLA 3619-1)
710829 Gentoo Linux Apache Batik Multiple Vulnerabilities (GLSA 202401-11)
755916 SUSE Enterprise Linux Security Update for xmlgraphics-batik (SUSE-SU-2024:0777-1)