CVE-2020-11987

Server-Side Request Forgery (SSRF) in maven/org.apache.xmlgraphics/batik-util

Identifiers

GHSA-2h63-qp69-fwvw, CVE-2020-11987

Package Slug

maven/org.apache.xmlgraphics/batik-util

Vulnerability

Server-Side Request Forgery (SSRF)

Description

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Affected Versions

All versions before 1.14

Solution

Upgrade to version 1.14 or above.

Last Modified

2022-01-11

source