Vulnerability Details : CVE-2022-41704
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
Vulnerability category: Server-side request forgery (SSRF)
Products affected by CVE-2022-41704
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-41704
0.57%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-41704
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2022-41704
-
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-41704
-
https://security.gentoo.org/glsa/202401-11
Apache Batik: Multiple Vulnerabilities (GLSA 202401-11) — Gentoo security
-
https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
[CVE-2022-41704] Apache Batik information disclosure vulnerability-Apache Mail ArchivesVendor Advisory
-
https://www.debian.org/security/2022/dsa-5264
Debian -- Security Information -- DSA-5264-1 batikThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2022/10/25/2
oss-security - [CVE-2022-41704] Apache Batik information disclosure vulnerabilityMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html
[SECURITY] [DLA 3169-1] batik security updateMailing List;Third Party Advisory
Jump to