CVE-2022-40146

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

References

Affected packages

Git / github.com/apache/batik

Affected ranges

Type

GIT

Repo

https://github.com/apache/batik

Events

Introduced

Last affected

6f03c1c80f51f53c61d506a544d810bfc111ec4f

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.14"
        }
    ]
}

Affected versions

Other

1_17

1_18

1_19

batik-1_0beta

batik-1_0beta2

batik-1_0beta2rc1

batik-1_0beta2rc2

batik-1_0beta2rc3

batik-1_0beta2rc4

batik-1_0beta2rc5

batik-1_0beta2rc6

batik-1_0beta2rc7

batik-1_0beta2rc8

batik-1_0beta2rc9

batik-1_1

batik-1_10

batik-1_11

batik-1_12

batik-1_13

batik-1_14

batik-1_15

batik-1_16

batik-1_1_1

batik-1_1rc1

batik-1_1rc2

batik-1_1rc3

batik-1_1rc4

batik-1_5

batik-1_5_1

batik-1_5_1rc2

batik-1_5beta1

batik-1_5beta2

batik-1_5beta3

batik-1_5beta4

batik-1_5beta4b

batik-1_5beta5

batik-1_6

batik-1_6_1

batik-1_7

batik-1_7_1

batik-1_7beta1

batik-1_8

batik-1_9

batik-1_9_1

batik_1_0

beforeBoundsChange

start

svgbrowser

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40146.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]