CVE-2022-38648

CVE	CVE-2022-38648
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-09-22 15:15:00 UTC
Updated	2024-01-07 11:15:00 UTC
Description	Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.

Problem Types: CWE-918

Type	Vendor	Product	Version	Update	Edition	Language
Application	Apache	Batik	1.14	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All

Reference	Source	Link	Tags
GLSA-202401-11		security.gentoo.org
[SECURITY] [DLA 3619-1] batik security update	MLIST	lists.debian.org
lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b	MISC	lists.apache.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

184962 Debian Security Update for batik (CVE-2022-38648)
199377 Ubuntu Security Notification for Apache Batik Vulnerabilities (USN-6117-1)
354806 Amazon Linux Security Advisory for batik : ALAS2-2023-1966
354807 Amazon Linux Security Advisory for batik : ALAS-2023-1695
355063 Amazon Linux Security Advisory for batik : AL2012-2023-387
6000250 Debian Security Update for batik (DLA 3619-1)
710829 Gentoo Linux Apache Batik Multiple Vulnerabilities (GLSA 202401-11)
755916 SUSE Enterprise Linux Security Update for xmlgraphics-batik (SUSE-SU-2024:0777-1)