MGASA-2021-0139

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0139.html

Import Source

https://advisories.mageia.org/MGASA-2021-0139.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2021-0139

Related

CVE-2020-11987

Published

2021-03-17T06:16:07Z

Modified

2021-03-17T06:03:55Z

Summary

Updated batik packages fix a security vulnerability

Details

The Apache Batik library is vulnerable to SSRF via the NodePickerPanel that allow an attacker to cause the underlying server to make arbitrary GET requests (CVE-2020-11987).

References

https://advisories.mageia.org/MGASA-2021-0139.html
https://bugs.mageia.org/show_bug.cgi?id=28439
https://www.openwall.com/lists/oss-security/2021/02/24/2
https://xmlgraphics.apache.org/security.html

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / batik

Package

Name: batik
Purl: pkg:rpm/mageia/batik?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.14-1.1.mga8

Ecosystem specific

{
    "section": "core"
}