CVE-2019-17566
- Source
- https://cve.org/CVERecord?id=CVE-2019-17566
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-17566.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-17566
- Aliases
- Downstream
- Related
- Published
- 2020-11-12T18:15:12.567Z
- Modified
- 2026-04-15T23:59:36.055858455Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
- Database specific
{ "unresolved_ranges": [ { "extracted_events": [ { "last_affected": "11.1.2.4.0" } ], "cpe": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "12.2.1.3.0" } ], "cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "12.2.1.4.0" } ], "cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "5.5.0.0.0" } ], "cpe": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "5.9.0.0.0" } ], "cpe": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "3.9m0p2" } ], "cpe": "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p2:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "introduced": "6.3.0" }, { "last_affected": "6.3.1" } ], "cpe": "cpe:2.3:a:oracle:communications_metasolv_solution:*:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "12.0.0.3.0" } ], "cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "11.1.1.7.0" } ], "cpe": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "introduced": "8.0.6" }, { "last_affected": "8.1.0" } ], "cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "12.2.1.4.0" } ], "cpe": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "5.5" } ], "cpe": "cpe:2.3:a:oracle:hospitality_opera_5:5.5:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "5.6" } ], "cpe": "cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "11.1.2.4" } ], "cpe": "cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "11.2.5.0" } ], "cpe": "cpe:2.3:a:oracle:hyperion_financial_reporting:11.2.5.0:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "introduced": "17.1" }, { "last_affected": "17.3" } ], "cpe": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "fixed": "9.2.4.0" } ], "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "9.2.4.2" } ], "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.2:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "15.0.3" } ], "cpe": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "15.0" } ], "cpe": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "16.0" } ], "cpe": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "19.5" } ], "cpe": "cpe:2.3:a:oracle:retail_order_management_system_cloud_service:19.5:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "14.1" } ], "cpe": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "14.1" } ], "cpe": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", "source": "CPE_FIELD" } ] }- References
-
- https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171%40%3Ccommits.myfaces.apache.org%3E
- https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509%40%3Ccommits.myfaces.apache.org%3E
- https://security.gentoo.org/glsa/202401-11
- https://xmlgraphics.apache.org/security.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Affected packages
Git / github.com/apache/xmlgraphics-batik
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/xmlgraphics-batik
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "fixed": "1.13" } ], "cpe": "cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*", "source": "CPE_FIELD" }