{
  "threat_severity" : "Moderate",
  "public_date" : "2023-08-22T00:00:00Z",
  "bugzilla" : {
    "description" : "batik: Server-Side Request Forgery vulnerability",
    "id" : "2233889",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2233889"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-918",
  "details" : [ "Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16.\nOn version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.", "A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resource loading by default, causing resource consumption or in some cases information disclosure." ],
  "affected_release" : [ {
    "product_name" : "RHINT Camel-Springboot 4.0.0",
    "release_date" : "2023-10-04T00:00:00Z",
    "advisory" : "RHSA-2023:5441",
    "cpe" : "cpe:/a:redhat:camel_spring_boot:4.0.0",
    "package" : "batik"
  }, {
    "product_name" : "RHPAM 7.13.5 async",
    "release_date" : "2024-03-18T00:00:00Z",
    "advisory" : "RHSA-2024:1353",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13",
    "package" : "batik"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat build of Apache Camel for Spring Boot 3",
    "fix_state" : "Affected",
    "package_name" : "batik",
    "cpe" : "cpe:/a:redhat:camel_spring_boot:3"
  }, {
    "product_name" : "Red Hat build of OptaPlanner 8",
    "fix_state" : "Not affected",
    "package_name" : "batik",
    "cpe" : "cpe:/a:redhat:optaplanner:::el6"
  }, {
    "product_name" : "Red Hat Data Grid 8",
    "fix_state" : "Not affected",
    "package_name" : "batik",
    "cpe" : "cpe:/a:redhat:jboss_data_grid:8"
  }, {
    "product_name" : "Red Hat Decision Manager 7",
    "fix_state" : "Affected",
    "package_name" : "batik",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "batik",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "fop",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "batik",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "batik",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Out of support scope",
    "package_name" : "batik",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  }, {
    "product_name" : "Red Hat Integration Camel K 1",
    "fix_state" : "Will not fix",
    "package_name" : "batik",
    "cpe" : "cpe:/a:redhat:integration:1"
  }, {
    "product_name" : "Red Hat JBoss Data Grid 7",
    "fix_state" : "Not affected",
    "package_name" : "batik",
    "cpe" : "cpe:/a:redhat:jboss_data_grid:7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7",
    "fix_state" : "Not affected",
    "package_name" : "batik",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 8",
    "fix_state" : "Not affected",
    "package_name" : "batik",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack",
    "fix_state" : "Not affected",
    "package_name" : "batik",
    "cpe" : "cpe:/a:redhat:jbosseapxp"
  }, {
    "product_name" : "Red Hat JBoss Fuse 6",
    "fix_state" : "Out of support scope",
    "package_name" : "batik",
    "cpe" : "cpe:/a:redhat:jboss_fuse:6"
  }, {
    "product_name" : "Red Hat JBoss Fuse Service Works 6",
    "fix_state" : "Out of support scope",
    "package_name" : "batik",
    "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-44729\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-44729\nhttps://github.com/advisories/GHSA-gq5f-xv48-2365\nhttps://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2" ],
  "name" : "CVE-2022-44729",
  "csaw" : false
}