The Apache Batik library before version 1.14 is vulnerable to server-side request forgery (SSRF) via the NodePickerPanel, which allows an attacker to cause the underlying server to make arbitrary GET requests.
https://www.openwall.com/lists/oss-security/2021/02/24/2
https://xmlgraphics.apache.org/security.html
https://issues.apache.org/jira/browse/BATIK-1284
https://svn.apache.org/viewvc?view=revision&revision=1878396