ALT-PU-2022-3920-1
Package batik updated to version 1.14-alt1_3jpp8 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2021-01018
Уязвимость библиотеки для работы с SVG-изображениями Apache Batik, связанная с некорректной обработкой данных в атрибутах «xlink: href», позволяющая нарушителю осуществлять CSRF-атаки
Modified: 2024-11-21
CVE-2019-17566
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
- [myfaces-commits] 20201120 [myfaces-tobago] branch tobago-2.x updated: Update batik dependency from 1.9 to 1.13, because of CVE-2019-17566
- [myfaces-commits] 20201120 [myfaces-tobago] branch tobago-2.x updated: Update batik dependency from 1.9 to 1.13, because of CVE-2019-17566
- [myfaces-commits] 20201211 [myfaces-tobago] 21/22: Update batik dependency from 1.9 to 1.13, because of CVE-2019-17566
- [myfaces-commits] 20201211 [myfaces-tobago] 21/22: Update batik dependency from 1.9 to 1.13, because of CVE-2019-17566
- GLSA-202401-11
- GLSA-202401-11
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://xmlgraphics.apache.org/security.html
- https://xmlgraphics.apache.org/security.html
Modified: 2024-11-21
CVE-2020-11987
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
- [poi-dev] 20210308 [Bug 65166] Apache Batik 1.13 vulnerabilities (CVE-2020-11987, CVE-2020-11988)
- [poi-dev] 20210304 [Bug 65166] New: Apache Batik 1.13 vulnerabilities (CVE-2020-11987, CVE-2020-11988)
- [debian-lts-announce] 20231014 [SECURITY] [DLA 3619-1] batik security update
- FEDORA-2021-33a1b73e48
- FEDORA-2021-65ff5f10e2
- GLSA-202401-11
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://xmlgraphics.apache.org/security.html
- [poi-dev] 20210308 [Bug 65166] Apache Batik 1.13 vulnerabilities (CVE-2020-11987, CVE-2020-11988)
- https://xmlgraphics.apache.org/security.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- GLSA-202401-11
- FEDORA-2021-65ff5f10e2
- FEDORA-2021-33a1b73e48
- [debian-lts-announce] 20231014 [SECURITY] [DLA 3619-1] batik security update
- [poi-dev] 20210304 [Bug 65166] New: Apache Batik 1.13 vulnerabilities (CVE-2020-11987, CVE-2020-11988)