https://bugzilla.redhat.com/show_bug.cgi?id=1933808
Bug ID: 1933808 Summary: CVE-2020-11987 batik: SSRF due to improper input validation by the NodePickerPanel Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: gsuckevi@redhat.com CC: aileenc@redhat.com, akurtako@redhat.com, andjrobins@gmail.com, chazlett@redhat.com, dbhole@redhat.com, drieden@redhat.com, ebaron@redhat.com, eclipse-sig@lists.fedoraproject.org, ggaughan@redhat.com, gmalinko@redhat.com, janstey@redhat.com, java-maint@redhat.com, java-sig-commits@lists.fedoraproject.org, jerboaa@gmail.com, jjohnstn@redhat.com, jkang@redhat.com, jochrist@redhat.com, jvanek@redhat.com, jwon@redhat.com, lef@fedoraproject.org, mat.booth@redhat.com, mizdebsk@redhat.com, rgrunber@redhat.com Target Milestone: --- Classification: Other
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
References: https://xmlgraphics.apache.org/security.html https://www.openwall.com/lists/oss-security/2021/02/24/2