Server-side Request Forgery (SSRF) Affecting org.apache.xmlgraphics:batik-transcoder package, versions [,1.13)


Severity: high

  • Attack Complexity: Low
  • Integrity: High

  • snyk-id: SNYK-JAVA-ORGAPACHEXMLGRAPHICS-572843
  • published: 19 Jun 2020
  • disclosed: 15 Jun 2020
  • credit: Sean Melia

How to fix?

Upgrade org.apache.xmlgraphics:batik-transcoder to version 1.13 or higher.

Overview

org.apache.xmlgraphics:batik-transcoder is an SVG transcoder.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). The SSRF is delivered through xlink:href attributes in the SVG being transcoded, which allow an attacker to make the underlying server issue arbitrary GET requests.
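As an added illustration (not code from Snyk or the Batik project), the following Python check lists every xlink:href or href value in an SVG document that points outside the document itself, so untrusted SVG can be rejected or quarantined before it reaches a transcoder; the sample SVG and the URLs in it are constructed.

```python
# Added example: flag SVG href/xlink:href values that would make an SVG
# transcoder fetch a resource outside the document (the SSRF vector
# described in the advisory). Same-document fragments (#id) and data:
# URIs need no fetch and are treated as local.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"

# Constructed sample: one local reference, one inline data: URI and two
# external references (hypothetical placeholder hosts/paths).
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <defs><circle id="dot" r="5"/></defs>
  <use xlink:href="#dot"/>
  <image xlink:href="data:image/png;base64,iVBORw0KGgo="/>
  <image xlink:href="http://internal.example/status"/>
  <image href="file:///local/path"/>
</svg>"""


def external_references(svg_text: str) -> list[tuple[str, str]]:
    """Return (element name, href) pairs that reference something outside
    the document: any URL with a scheme other than data:, and any relative
    path (resolved against the document base by the renderer)."""
    root = ET.fromstring(svg_text)  # parse untrusted XML with DTD/entity handling disabled in production
    findings = []
    for elem in root.iter():
        # SVG 1.1 uses xlink:href; SVG 2 also allows a plain href attribute.
        for attr in (XLINK_HREF, "href"):
            value = elem.get(attr)
            if value is None:
                continue
            value = value.strip()
            if value.startswith("#"):  # same-document fragment, no fetch
                continue
            if urlsplit(value).scheme.lower() == "data":  # inline payload
                continue
            tag = elem.tag.split("}")[-1]  # strip the SVG namespace
            findings.append((tag, value))
    return findings


def is_safe_to_transcode(svg_text: str) -> bool:
    """True only when the document references nothing outside itself."""
    return not external_references(svg_text)


if __name__ == "__main__":
    for tag, href in external_references(SAMPLE_SVG):
        print(f"external reference in <{tag}>: {href}")
```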