OESA-2023-1651

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1651
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2023-1651.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2023-1651
Upstream
Published
2023-09-15T11:05:57Z
Modified
2025-08-12T05:14:46.802306Z
Summary
batik security update
Details

Batik is an inline templating engine for CoffeeScript, inspired by CoffeeKup, that lets you write your template directly as a CoffeeScript function.

Security Fix(es):

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a URL through the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a jar URL. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16.

On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.

(CVE-2022-44729)

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16.

A malicious SVG can probe user profile data and send it directly as a parameter to a URL.

(CVE-2022-44730)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / batik

Package

Name
batik
Purl
pkg:rpm/openEuler/batik&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.17-1.oe1

Ecosystem specific

{
    "noarch": [
        "batik-help-1.17-1.oe1.noarch.rpm",
        "batik-1.17-1.oe1.noarch.rpm"
    ],
    "src": [
        "batik-1.17-1.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / batik

Package

Name
batik
Purl
pkg:rpm/openEuler/batik&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.17-1.oe1

Ecosystem specific

{
    "noarch": [
        "batik-help-1.17-1.oe1.noarch.rpm",
        "batik-1.17-1.oe1.noarch.rpm"
    ],
    "src": [
        "batik-1.17-1.oe1.src.rpm"
    ]
}

openEuler:22.03-LTS / batik

Package

Name
batik
Purl
pkg:rpm/openEuler/batik&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.17-1.oe2203sp2

Ecosystem specific

{
    "noarch": [
        "batik-1.17-1.oe2203.noarch.rpm",
        "batik-help-1.17-1.oe2203.noarch.rpm",
        "batik-1.17-1.oe2203sp1.noarch.rpm",
        "batik-help-1.17-1.oe2203sp1.noarch.rpm",
        "batik-help-1.17-1.oe2203sp2.noarch.rpm",
        "batik-1.17-1.oe2203sp2.noarch.rpm"
    ],
    "src": [
        "batik-1.17-1.oe2203.src.rpm",
        "batik-1.17-1.oe2203sp1.src.rpm",
        "batik-1.17-1.oe2203sp2.src.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / batik

Package

Name
batik
Purl
pkg:rpm/openEuler/batik&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.17-1.oe2203sp1

Ecosystem specific

{
    "noarch": [
        "batik-1.17-1.oe2203sp1.noarch.rpm",
        "batik-help-1.17-1.oe2203sp1.noarch.rpm"
    ],
    "src": [
        "batik-1.17-1.oe2203sp1.src.rpm"
    ]
}

openEuler:22.03-LTS-SP2 / batik

Package

Name
batik
Purl
pkg:rpm/openEuler/batik&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.17-1.oe2203sp2

Ecosystem specific

{
    "noarch": [
        "batik-help-1.17-1.oe2203sp2.noarch.rpm",
        "batik-1.17-1.oe2203sp2.noarch.rpm"
    ],
    "src": [
        "batik-1.17-1.oe2203sp2.src.rpm"
    ]
}