MGASA-2024-0068

Source
https://advisories.mageia.org/MGASA-2024-0068.html
Import Source
https://advisories.mageia.org/MGASA-2024-0068.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2024-0068
Published
2024-03-16T16:28:17Z
Modified
2024-03-16T16:13:38Z
Summary
Updated batik packages fix security vulnerabilities
Details

The updated packages fix security vulnerabilities:

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a URL through the jar protocol. (CVE-2022-38398)

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. (CVE-2022-38648)

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar URL. (CVE-2022-40146)

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. (CVE-2022-41704)

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. (CVE-2022-42890)


Affected packages