MGASA-2024-0068

Source
https://advisories.mageia.org/MGASA-2024-0068.html
Import Source
https://advisories.mageia.org/MGASA-2024-0068.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2024-0068
Published
2024-03-16T16:28:17Z
Modified
2024-03-16T16:13:38Z
Summary
Updated batik packages fix security vulnerabilities
Details

The updated packages fix security vulnerabilities:

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a URL through the jar protocol. (CVE-2022-38398)
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. (CVE-2022-38648)
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar URL. (CVE-2022-40146)
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. (CVE-2022-41704)
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. (CVE-2022-42890)


Affected packages

Mageia:9 / batik

Package

Name
batik
Purl
pkg:rpm/mageia/batik?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.14-4.1.mga9

Ecosystem specific

{
    "section": "core"
}