Source: batik
Version: 1.14-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for batik.

CVE-2022-38398[0]:
| Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache
| XML Graphics allows an attacker to load a url thru the jar protocol.
| This issue affects Apache XML Graphics Batik 1.14.

CVE-2022-38648[1]:
| Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache
| XML Graphics allows an attacker to fetch external resources. This
| issue affects Apache XML Graphics Batik 1.14.

CVE-2022-40146[2]:
| Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache
| XML Graphics allows an attacker to access files using a Jar url. This
| issue affects Apache XML Graphics Batik 1.14.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-38398
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38398
    https://issues.apache.org/jira/browse/BATIK-1331
    http://svn.apache.org/viewvc?view=revision&revision=1903462
[1] https://security-tracker.debian.org/tracker/CVE-2022-38648
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38648
    https://issues.apache.org/jira/browse/BATIK-1333
    http://svn.apache.org/viewvc?view=revision&revision=1903625
[2] https://security-tracker.debian.org/tracker/CVE-2022-40146
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40146
    https://issues.apache.org/jira/browse/BATIK-1335
    http://svn.apache.org/viewvc?view=revision&revision=1903910

Regards,
Salvatore
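All three CVEs above come down to Batik fetching external resources named by an untrusted SVG document over protocols the embedding application never meant to expose (jar: and file: in particular). The real fix is the upstream patch referenced in the bug links; as defence in depth, an application that renders untrusted SVG can also restrict which protocols Batik's bridge may use for external resources. The following is an added example, not code from Batik, Debian or the bug reporter. It assumes Batik's bridge API as I recall it (org.apache.batik.bridge.UserAgentAdapter with its getExternalResourceSecurity hook, org.apache.batik.bridge.ExternalResourceSecurity, and org.apache.batik.util.ParsedURL#getProtocol); the class name RestrictedUserAgent and the allow-list are my own choices.

```java
import java.util.Locale;
import java.util.Set;

import org.apache.batik.bridge.ExternalResourceSecurity;
import org.apache.batik.bridge.UserAgentAdapter;
import org.apache.batik.util.ParsedURL;

/**
 * Hypothetical UserAgent for an application that renders SVG it does not
 * trust. Batik asks this object, for every external resource an SVG refers
 * to (images, stylesheets, fonts, ...), whether the load may proceed. We
 * allow only http/https and inline data: URLs, so jar:, file: and any other
 * JVM-registered protocol is refused before a connection is opened.
 */
public class RestrictedUserAgent extends UserAgentAdapter {

    /* Protocols an untrusted document may use for external resources.
     * "data" never reaches the network or the file system, so it is safe
     * to keep; everything else (jar, file, ftp, ...) is denied. */
    private static final Set<String> ALLOWED_PROTOCOLS = Set.of("http", "https", "data");

    @Override
    public ExternalResourceSecurity getExternalResourceSecurity(ParsedURL resourceURL,
                                                                ParsedURL docURL) {
        return new ExternalResourceSecurity() {
            @Override
            public void checkLoadExternalResource() {
                String proto = resourceURL == null ? null : resourceURL.getProtocol();
                if (proto == null
                        || !ALLOWED_PROTOCOLS.contains(proto.toLowerCase(Locale.ROOT))) {
                    // Batik treats a SecurityException here as "do not load".
                    throw new SecurityException(
                        "external resource protocol '" + proto + "' is not allowed: " + resourceURL);
                }
            }
        };
    }

    /* Small self-check usable without a full rendering pipeline: constructed
     * sample URLs, one per protocol class the CVEs above concern. */
    public static boolean isLoadAllowed(String url) {
        try {
            new RestrictedUserAgent()
                .getExternalResourceSecurity(new ParsedURL(url), null)
                .checkLoadExternalResource();
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        String[] samples = {
            "https://example.invalid/logo.png",          // constructed, allowed
            "data:image/png;base64,iVBORw0KGgo=",         // constructed, allowed
            "jar:file:///tmp/x.jar!/META-INF/MANIFEST.MF",// constructed, denied
            "file:///etc/hostname"                        // constructed, denied
        };
        for (String s : samples) {
            System.out.println((isLoadAllowed(s) ? "allow " : "deny  ") + s);
        }
    }
}
```

The user agent is handed to Batik the same way any custom UserAgent is (for example through BridgeContext's constructor, or by overriding createUserAgent() in a transcoder subclass; both are assumptions about the API rather than something the bug report states). Script execution is governed separately by getScriptSecurity(), so an allow-list on external resources does not by itself disable scripting, and none of this replaces upgrading to a package that carries the BATIK-1331, BATIK-1333 and BATIK-1335 fixes.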