{"id":"MGASA-2024-0068","summary":"Updated batik packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities:\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML\nGraphics allows an attacker to load a url thru the jar protocol.\n(CVE-2022-38398)\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML\nGraphics allows an attacker to fetch external resources.\n(CVE-2022-38648)\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML\nGraphics allows an attacker to access files using a Jar url.\n(CVE-2022-40146)\nA vulnerability in Batik of Apache XML Graphics allows an attacker to\nrun untrusted Java code from an SVG. (CVE-2022-41704)\nA vulnerability in Batik of Apache XML Graphics allows an attacker to\nrun Java code from untrusted SVG via JavaScript. (CVE-2022-42890)\n","modified":"2026-04-16T04:41:36.919512436Z","published":"2024-03-16T16:28:17Z","upstream":["CVE-2022-38398","CVE-2022-38648","CVE-2022-40146","CVE-2022-41704","CVE-2022-42890"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0068.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30882"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2022/09/22/2"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2022/09/22/3"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2022/09/22/4"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2022/10/25/2"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2022/10/25/3"},{"type":"WEB","url":"https://www.debian.org/security/2022/dsa-5264"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6117-1"}],"affected":[{"package":{"name":"batik","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/batik?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.14-4.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0068.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}