Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-11987 (GCVE-0-2020-11987)
Vulnerability from cvelistv5 – Published: 2021-02-24 00:00 – Updated: 2025-11-03 19:25
VLAI?
EPSS
Summary
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache Batik |
Affected:
Apache Batik 1.13
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:25:28.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://xmlgraphics.apache.org/security.html"
},
{
"name": "[poi-dev] 20210304 [Bug 65166] New: Apache Batik 1.13 vulnerabilities (CVE-2020-11987, CVE-2020-11988)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r588d05a0790b40a0eb81088252e1e8c1efb99706631421f17038eb05%40%3Cdev.poi.apache.org%3E"
},
{
"name": "[poi-dev] 20210308 [Bug 65166] Apache Batik 1.13 vulnerabilities (CVE-2020-11987, CVE-2020-11988)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f5a5ba2%40%3Cdev.poi.apache.org%3E"
},
{
"name": "FEDORA-2021-65ff5f10e2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EAYO5XIHD6OIEA3HPK64UDDBSLNAC5/"
},
{
"name": "FEDORA-2021-33a1b73e48",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEDID4DAVPECE6O4QQCSIS75BLLBUUAM/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[debian-lts-announce] 20231014 [SECURITY] [DLA 3619-1] batik security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html"
},
{
"name": "GLSA-202401-11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-11"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Batik",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache Batik 1.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-07T11:06:30.228Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://xmlgraphics.apache.org/security.html"
},
{
"name": "[poi-dev] 20210304 [Bug 65166] New: Apache Batik 1.13 vulnerabilities (CVE-2020-11987, CVE-2020-11988)",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r588d05a0790b40a0eb81088252e1e8c1efb99706631421f17038eb05%40%3Cdev.poi.apache.org%3E"
},
{
"name": "[poi-dev] 20210308 [Bug 65166] Apache Batik 1.13 vulnerabilities (CVE-2020-11987, CVE-2020-11988)",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f5a5ba2%40%3Cdev.poi.apache.org%3E"
},
{
"name": "FEDORA-2021-65ff5f10e2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EAYO5XIHD6OIEA3HPK64UDDBSLNAC5/"
},
{
"name": "FEDORA-2021-33a1b73e48",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEDID4DAVPECE6O4QQCSIS75BLLBUUAM/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[debian-lts-announce] 20231014 [SECURITY] [DLA 3619-1] batik security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html"
},
{
"name": "GLSA-202401-11",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-11987",
"datePublished": "2021-02-24T00:00:00.000Z",
"dateReserved": "2020-04-21T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:25:28.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CERTFR-2022-AVI-659
Vulnerability from certfr_avis - Published: 2022-07-20 - Updated: 2022-07-20
De multiples vulnérabilités ont été découvertes dans Oracle WebLogic. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle WebLogic version 14.1.1.0.0",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic version 12.2.1.4.0",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic version 12.2.1.3.0",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-22965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
},
{
"name": "CVE-2021-26291",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26291"
},
{
"name": "CVE-2021-40690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
},
{
"name": "CVE-2021-2351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2351"
},
{
"name": "CVE-2022-21560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21560"
},
{
"name": "CVE-2021-23450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23450"
},
{
"name": "CVE-2020-28491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
},
{
"name": "CVE-2022-24891",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24891"
},
{
"name": "CVE-2022-21548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21548"
},
{
"name": "CVE-2022-23457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23457"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2022-21564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21564"
},
{
"name": "CVE-2020-11987",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11987"
},
{
"name": "CVE-2022-24839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24839"
},
{
"name": "CVE-2022-21557",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21557"
},
{
"name": "CVE-2022-29577",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29577"
}
],
"initial_release_date": "2022-07-20T00:00:00",
"last_revision_date": "2022-07-20T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-659",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle WebLogic.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle WebLogic",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022 du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixFMW"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022verbose du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022verbose.html#FMW"
}
]
}
CERTFR-2021-AVI-556
Vulnerability from certfr_avis - Published: 2021-07-21 - Updated: 2021-07-21
De multiples vulnérabilités ont été découvertes dans Oracle Database Server. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Database Server | Oracle Database Server 12.1.0.2, 12.2.0.1, 19c | ||
| Oracle | Database Server | Oracle Database Server versions antérieures à 21.1.0.00.04 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Database Server 12.1.0.2, 12.2.0.1, 19c",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server versions ant\u00e9rieures \u00e0 21.1.0.00.04",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"name": "CVE-2021-23336",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23336"
},
{
"name": "CVE-2020-11988",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11988"
},
{
"name": "CVE-2021-2337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2337"
},
{
"name": "CVE-2021-2438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2438"
},
{
"name": "CVE-2020-27193",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27193"
},
{
"name": "CVE-2021-2326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2326"
},
{
"name": "CVE-2021-2333",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2333"
},
{
"name": "CVE-2020-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
},
{
"name": "CVE-2021-2351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2351"
},
{
"name": "CVE-2020-7760",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7760"
},
{
"name": "CVE-2021-2330",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2330"
},
{
"name": "CVE-2020-27844",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27844"
},
{
"name": "CVE-2020-26870",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26870"
},
{
"name": "CVE-2021-2460",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2460"
},
{
"name": "CVE-2021-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2328"
},
{
"name": "CVE-2019-12415",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12415"
},
{
"name": "CVE-2020-28196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2021-2336",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2336"
},
{
"name": "CVE-2020-11987",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11987"
},
{
"name": "CVE-2021-2335",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2335"
},
{
"name": "CVE-2021-2329",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2329"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2021-2334",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2334"
},
{
"name": "CVE-2019-17545",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17545"
}
],
"initial_release_date": "2021-07-21T00:00:00",
"last_revision_date": "2021-07-21T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-556",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database\nServer. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2021 du 20 juillet 2021",
"url": "https://www.oracle.com/security-alerts/cpujul2021verbose.html#DB"
}
]
}
CERTFR-2021-AVI-951
Vulnerability from certfr_avis - Published: 2021-12-15 - Updated: 2021-12-15
De multiples vulnérabilités ont été découvertes dans le noyau Linux de RedHat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 8.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 8.4 x86_64 | ||
| Red Hat | N/A | Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 x86_64 | ||
| SolarWinds | Platform | Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le | ||
| Red Hat | N/A | Red Hat Integration Text-Only Advisories x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64 | ||
| Red Hat | N/A | Red Hat Openshift Application Runtimes Text-Only Advisories x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64 | ||
| Red Hat | N/A | Red Hat Integration - Camel K 1 x86_64 | ||
| SolarWinds | Platform | Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le | ||
| Red Hat | N/A | Red Hat Fuse 1 x86_64 | ||
| SolarWinds | Platform | Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64 | ||
| Red Hat | N/A | Red Hat JBoss Data Grid Text-Only Advisories x86_64 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux Server - AUS 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le",
"product": {
"name": "Platform",
"vendor": {
"name": "SolarWinds",
"scada": false
}
}
},
{
"description": "Red Hat Integration Text-Only Advisories x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Openshift Application Runtimes Text-Only Advisories x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Integration - Camel K 1 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64",
"product": {
"name": "Platform",
"vendor": {
"name": "SolarWinds",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Fuse 1 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x",
"product": {
"name": "Platform",
"vendor": {
"name": "SolarWinds",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat JBoss Data Grid Text-Only Advisories x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-27223",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27223"
},
{
"name": "CVE-2020-27218",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27218"
},
{
"name": "CVE-2021-21343",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21343"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2021-22118",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22118"
},
{
"name": "CVE-2020-2875",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2875"
},
{
"name": "CVE-2021-3536",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3536"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2021-21348",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21348"
},
{
"name": "CVE-2020-11988",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11988"
},
{
"name": "CVE-2020-35510",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35510"
},
{
"name": "CVE-2021-45606",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45606"
},
{
"name": "CVE-2020-2934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2934"
},
{
"name": "CVE-2021-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21344"
},
{
"name": "CVE-2020-26259",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26259"
},
{
"name": "CVE-2021-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3597"
},
{
"name": "CVE-2021-28170",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28170"
},
{
"name": "CVE-2021-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21341"
},
{
"name": "CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2021-3690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3690"
},
{
"name": "CVE-2020-17521",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-17521"
},
{
"name": "CVE-2021-22696",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22696"
},
{
"name": "CVE-2021-28163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2020-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
},
{
"name": "CVE-2021-21347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21347"
},
{
"name": "CVE-2021-27568",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
},
{
"name": "CVE-2020-26217",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26217"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2021-23926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23926"
},
{
"name": "CVE-2019-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10744"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2021-21346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21346"
},
{
"name": "CVE-2021-30468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30468"
},
{
"name": "CVE-2021-21351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21351"
},
{
"name": "CVE-2021-21345",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21345"
},
{
"name": "CVE-2020-28491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
},
{
"name": "CVE-2021-45046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
},
{
"name": "CVE-2021-37714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37714"
},
{
"name": "CVE-2019-12415",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12415"
},
{
"name": "CVE-2021-20218",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20218"
},
{
"name": "CVE-2020-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27782"
},
{
"name": "CVE-2021-30129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30129"
},
{
"name": "CVE-2020-17527",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-17527"
},
{
"name": "CVE-2021-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21349"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2020-13943",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13943"
},
{
"name": "CVE-2020-15522",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15522"
},
{
"name": "CVE-2021-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
},
{
"name": "CVE-2020-11987",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11987"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2021-21342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21342"
},
{
"name": "CVE-2021-3629",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3629"
},
{
"name": "CVE-2021-21350",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21350"
},
{
"name": "CVE-2021-34428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
}
],
"initial_release_date": "2021-12-15T00:00:00",
"last_revision_date": "2021-12-15T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5101 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHBA-2021:5101"
}
],
"reference": "CERTFR-2021-AVI-951",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRedHat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de RedHat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5130 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:5130"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHBA-2021:5114 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHBA-2021:5114"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5138 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:5138"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5132 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:5132"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5126 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:5126"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5134 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:5134"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5133 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:5133"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5108 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:5108"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5093 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:5093"
}
]
}
CNVD-2021-14152
Vulnerability from cnvd - Published: 2021-03-03
VLAI Severity ?
Title
Apache Batik服务器端请求伪造漏洞
Description
Apache Batik是Apach开源的一个系统库。提供可伸缩矢量图形SVG格式的图像用于各种目的应用程序或小程序。
Apache Batik 1.13版本存在服务器端请求伪造漏洞,这是由NodePanel未能正确的输入验证造成的。通过使用巧尽心思构建的参数,攻击者可以利用此漏洞使基础服务器发出任意GET请求。
Severity
中
Patch Name
Apache Batik服务器端请求伪造漏洞的补丁
Patch Description
Apache Batik是Apach开源的一个系统库。提供可伸缩矢量图形SVG格式的图像用于各种目的应用程序或小程序。
Apache Batik 1.13版本存在服务器端请求伪造漏洞,这是由NodePanel未能正确的输入验证造成的。通过使用巧尽心思构建的参数,攻击者可以利用此漏洞使基础服务器发出任意GET请求。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新:https://xmlgraphics.apache.org/security.html
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-11987
Impacted products
| Name | Apache Batik 1.13 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-11987",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-11987"
}
},
"description": "Apache Batik\u662fApach\u5f00\u6e90\u7684\u4e00\u4e2a\u7cfb\u7edf\u5e93\u3002\u63d0\u4f9b\u53ef\u4f38\u7f29\u77e2\u91cf\u56fe\u5f62SVG\u683c\u5f0f\u7684\u56fe\u50cf\u7528\u4e8e\u5404\u79cd\u76ee\u7684\u5e94\u7528\u7a0b\u5e8f\u6216\u5c0f\u7a0b\u5e8f\u3002\n\nApache Batik 1.13\u7248\u672c\u5b58\u5728\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8fd9\u662f\u7531NodePanel\u672a\u80fd\u6b63\u786e\u7684\u8f93\u5165\u9a8c\u8bc1\u9020\u6210\u7684\u3002\u901a\u8fc7\u4f7f\u7528\u5de7\u5c3d\u5fc3\u601d\u6784\u5efa\u7684\u53c2\u6570\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u4f7f\u57fa\u7840\u670d\u52a1\u5668\u53d1\u51fa\u4efb\u610fGET\u8bf7\u6c42\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1ahttps://xmlgraphics.apache.org/security.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-14152",
"openTime": "2021-03-03",
"patchDescription": "Apache Batik\u662fApach\u5f00\u6e90\u7684\u4e00\u4e2a\u7cfb\u7edf\u5e93\u3002\u63d0\u4f9b\u53ef\u4f38\u7f29\u77e2\u91cf\u56fe\u5f62SVG\u683c\u5f0f\u7684\u56fe\u50cf\u7528\u4e8e\u5404\u79cd\u76ee\u7684\u5e94\u7528\u7a0b\u5e8f\u6216\u5c0f\u7a0b\u5e8f\u3002\r\n\r\nApache Batik 1.13\u7248\u672c\u5b58\u5728\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8fd9\u662f\u7531NodePanel\u672a\u80fd\u6b63\u786e\u7684\u8f93\u5165\u9a8c\u8bc1\u9020\u6210\u7684\u3002\u901a\u8fc7\u4f7f\u7528\u5de7\u5c3d\u5fc3\u601d\u6784\u5efa\u7684\u53c2\u6570\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u4f7f\u57fa\u7840\u670d\u52a1\u5668\u53d1\u51fa\u4efb\u610fGET\u8bf7\u6c42\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache Batik\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apache Batik 1.13"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-11987",
"serverity": "\u4e2d",
"submitTime": "2021-02-26",
"title": "Apache Batik\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}
FKIE_CVE-2020-11987
Vulnerability from fkie_nvd - Published: 2021-02-24 18:15 - Updated: 2025-11-03 20:15
Severity ?
Summary
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f5a5ba2%40%3Cdev.poi.apache.org%3E | Mailing List, Vendor Advisory | |
| security@apache.org | https://lists.apache.org/thread.html/r588d05a0790b40a0eb81088252e1e8c1efb99706631421f17038eb05%40%3Cdev.poi.apache.org%3E | Mailing List, Vendor Advisory | |
| security@apache.org | https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html | Mailing List, Third Party Advisory | |
| security@apache.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEDID4DAVPECE6O4QQCSIS75BLLBUUAM/ | Mailing List, Third Party Advisory | |
| security@apache.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EAYO5XIHD6OIEA3HPK64UDDBSLNAC5/ | Mailing List, Third Party Advisory | |
| security@apache.org | https://security.gentoo.org/glsa/202401-11 | Third Party Advisory | |
| security@apache.org | https://www.oracle.com//security-alerts/cpujul2021.html | Patch, Third Party Advisory | |
| security@apache.org | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
| security@apache.org | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
| security@apache.org | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory | |
| security@apache.org | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory | |
| security@apache.org | https://xmlgraphics.apache.org/security.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f5a5ba2%40%3Cdev.poi.apache.org%3E | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r588d05a0790b40a0eb81088252e1e8c1efb99706631421f17038eb05%40%3Cdev.poi.apache.org%3E | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/07/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEDID4DAVPECE6O4QQCSIS75BLLBUUAM/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EAYO5XIHD6OIEA3HPK64UDDBSLNAC5/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202401-11 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com//security-alerts/cpujul2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://xmlgraphics.apache.org/security.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | batik | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| oracle | agile_engineering_data_management | 6.2.1.0 | |
| oracle | banking_apis | 18.3 | |
| oracle | banking_apis | 19.1 | |
| oracle | banking_apis | 19.2 | |
| oracle | banking_apis | 20.1 | |
| oracle | banking_apis | 21.1 | |
| oracle | banking_digital_experience | 18.3 | |
| oracle | banking_digital_experience | 19.1 | |
| oracle | banking_digital_experience | 19.2 | |
| oracle | banking_digital_experience | 20.1 | |
| oracle | banking_digital_experience | 21.1 | |
| oracle | communications_application_session_controller | 3.9m0p3 | |
| oracle | communications_metasolv_solution | 6.3.0 | |
| oracle | communications_metasolv_solution | 6.3.1 | |
| oracle | communications_offline_mediation_controller | 12.0.0.3.0 | |
| oracle | enterprise_repository | 11.1.1.7.0 | |
| oracle | flexcube_universal_banking | * | |
| oracle | fusion_middleware_mapviewer | 12.2.1.4.0 | |
| oracle | instantis_enterprisetrack | 17.1 | |
| oracle | instantis_enterprisetrack | 17.2 | |
| oracle | instantis_enterprisetrack | 17.3 | |
| oracle | insurance_policy_administration | * | |
| oracle | product_lifecycle_analytics | 3.6.1 | |
| oracle | retail_back_office | 14.1 | |
| oracle | retail_central_office | 14.1 | |
| oracle | retail_order_broker | 15.0 | |
| oracle | retail_order_broker | 16.0 | |
| oracle | retail_order_management_system_cloud_service | 19.5 | |
| oracle | retail_point-of-service | 14.1 | |
| oracle | retail_returns_management | 14.1 | |
| oracle | weblogic_server | 12.2.1.3.0 | |
| oracle | weblogic_server | 12.2.1.4.0 | |
| oracle | weblogic_server | 14.1.1.0.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9EA21E7-63C2-4548-95E4-20A8D2E6B67A",
"versionEndIncluding": "1.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "042269E6-D3B4-4867-86FA-9301FACA9FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86F03B63-F922-45CD-A7D1-326DB0042875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBFC93F-8B39-45A2-981C-59B187169BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0843465C-F940-4FFC-998D-9A2668B75EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p3:*:*:*:*:*:*:*",
"matchCriteriaId": "441FD998-ABE6-4377-AAFA-FEAE42352FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0912F464-5F38-4BBB-9E68-65CE34306E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCB9E3-883D-4C1F-9785-2E182BA47B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA54C48-2FE6-495E-A92C-85F149AA1B64",
"versionEndIncluding": "14.4.0",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA86EF7E-6162-4244-9C88-7AF5CAB787E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E883986-13DA-470F-95C4-BEBD0EDFEB9C",
"versionEndIncluding": "11.3.1",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F978162-CB2C-4166-947A-9048C6E878BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_management_system_cloud_service:19.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0C02FB5-59A0-43BC-B3DA-2BB1A1BE5CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests."
},
{
"lang": "es",
"value": "Apache Batik versi\u00f3n 1.13 es vulnerable a un ataque de tipo server-side request forgery, causada por una comprobaci\u00f3n de entrada inapropiada por parte de NodePickerPanel.\u0026#xa0;Al usar un argumento especialmente dise\u00f1ado, un atacante podr\u00eda explotar esta vulnerabilidad para causar que el servidor subyacente lleve a cabo peticiones GET arbitrarias"
}
],
"id": "CVE-2020-11987",
"lastModified": "2025-11-03T20:15:42.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-24T18:15:11.093",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f5a5ba2%40%3Cdev.poi.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r588d05a0790b40a0eb81088252e1e8c1efb99706631421f17038eb05%40%3Cdev.poi.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEDID4DAVPECE6O4QQCSIS75BLLBUUAM/"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EAYO5XIHD6OIEA3HPK64UDDBSLNAC5/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202401-11"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://xmlgraphics.apache.org/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f5a5ba2%40%3Cdev.poi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r588d05a0790b40a0eb81088252e1e8c1efb99706631421f17038eb05%40%3Cdev.poi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEDID4DAVPECE6O4QQCSIS75BLLBUUAM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EAYO5XIHD6OIEA3HPK64UDDBSLNAC5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202401-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://xmlgraphics.apache.org/security.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-2H63-QP69-FWVW
Vulnerability from github – Published: 2022-01-06 20:35 – Updated: 2022-02-08 21:33
VLAI?
Summary
Server-side request forgery (SSRF) in Apache Batik
Details
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Severity ?
8.2 (High)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.xmlgraphics:batik-svgbrowser"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-11987"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-26T22:47:21Z",
"nvd_published_at": "2021-02-24T18:15:00Z",
"severity": "HIGH"
},
"details": "Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
"id": "GHSA-2h63-qp69-fwvw",
"modified": "2022-02-08T21:33:49Z",
"published": "2022-01-06T20:35:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11987"
},
{
"type": "WEB",
"url": "https://github.com/apache/xmlgraphics-batik/commit/0ef5b661a1f77772d1110877ea9e0287987098f6"
},
{
"type": "WEB",
"url": "https://xmlgraphics.apache.org/security.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-11"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7EAYO5XIHD6OIEA3HPK64UDDBSLNAC5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEDID4DAVPECE6O4QQCSIS75BLLBUUAM"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EAYO5XIHD6OIEA3HPK64UDDBSLNAC5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEDID4DAVPECE6O4QQCSIS75BLLBUUAM"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r588d05a0790b40a0eb81088252e1e8c1efb99706631421f17038eb05@%3Cdev.poi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r588d05a0790b40a0eb81088252e1e8c1efb99706631421f17038eb05%40%3Cdev.poi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f5a5ba2@%3Cdev.poi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f5a5ba2%40%3Cdev.poi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/BATIK-1284"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/xmlgraphics-batik"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Server-side request forgery (SSRF) in Apache Batik"
}
GSD-2020-11987
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-11987",
"description": "Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
"id": "GSD-2020-11987",
"references": [
"https://www.suse.com/security/cve/CVE-2020-11987.html",
"https://access.redhat.com/errata/RHSA-2021:5134",
"https://advisories.mageia.org/CVE-2020-11987.html",
"https://security.archlinux.org/CVE-2020-11987",
"https://alas.aws.amazon.com/cve/html/CVE-2020-11987.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-11987"
],
"details": "Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
"id": "GSD-2020-11987",
"modified": "2023-12-13T01:22:07.808547Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-11987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Batik",
"version": {
"version_data": [
{
"version_value": "Apache Batik 1.13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xmlgraphics.apache.org/security.html",
"refsource": "MISC",
"url": "https://xmlgraphics.apache.org/security.html"
},
{
"name": "[poi-dev] 20210304 [Bug 65166] New: Apache Batik 1.13 vulnerabilities (CVE-2020-11987, CVE-2020-11988)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r588d05a0790b40a0eb81088252e1e8c1efb99706631421f17038eb05@%3Cdev.poi.apache.org%3E"
},
{
"name": "[poi-dev] 20210308 [Bug 65166] Apache Batik 1.13 vulnerabilities (CVE-2020-11987, CVE-2020-11988)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f5a5ba2@%3Cdev.poi.apache.org%3E"
},
{
"name": "FEDORA-2021-65ff5f10e2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7EAYO5XIHD6OIEA3HPK64UDDBSLNAC5/"
},
{
"name": "FEDORA-2021-33a1b73e48",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEDID4DAVPECE6O4QQCSIS75BLLBUUAM/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[debian-lts-announce] 20231014 [SECURITY] [DLA 3619-1] batik security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html"
},
{
"name": "GLSA-202401-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202401-11"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,1.13]",
"affected_versions": "All versions up to 1.13",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2021-12-22",
"description": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the `NodePickerPanel`. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
"fixed_versions": [
"1.14"
],
"identifier": "CVE-2020-11987",
"identifiers": [
"CVE-2020-11987"
],
"not_impacted": "All versions after 1.13",
"package_slug": "maven/org.apache.xmlgraphics/batik-svgbrowser",
"pubdate": "2021-02-24",
"solution": "Upgrade to version 1.14 or above.",
"title": "Server-Side Request Forgery (SSRF)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-11987",
"https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f5a5ba2@%3Cdev.poi.apache.org%3E",
"https://lists.apache.org/thread.html/r588d05a0790b40a0eb81088252e1e8c1efb99706631421f17038eb05@%3Cdev.poi.apache.org%3E",
"https://xmlgraphics.apache.org/security.html"
],
"uuid": "ed5f8969-e80e-458c-aabf-3bc48de6c219"
},
{
"affected_range": "(,1.14)",
"affected_versions": "All versions before 1.14",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-918",
"CWE-937"
],
"date": "2022-01-06",
"description": "Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
"fixed_versions": [
"1.14"
],
"identifier": "CVE-2020-11987",
"identifiers": [
"GHSA-2h63-qp69-fwvw",
"CVE-2020-11987"
],
"not_impacted": "All versions starting from 1.14",
"package_slug": "maven/org.apache.xmlgraphics/batik-ttf2svg",
"pubdate": "2022-01-06",
"solution": "Upgrade to version 1.14 or above.",
"title": "Server-Side Request Forgery (SSRF)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-11987",
"https://github.com/apache/xmlgraphics-batik/commit/0ef5b661a1f77772d1110877ea9e0287987098f6",
"https://github.com/advisories/GHSA-2h63-qp69-fwvw"
],
"uuid": "d8f5e0c9-54c7-46f9-81f9-9565ba162dd1"
},
{
"affected_range": "(,1.14)",
"affected_versions": "All versions before 1.14",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-918",
"CWE-937"
],
"date": "2022-01-06",
"description": "Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
"fixed_versions": [
"1.14"
],
"identifier": "CVE-2020-11987",
"identifiers": [
"GHSA-2h63-qp69-fwvw",
"CVE-2020-11987"
],
"not_impacted": "All versions starting from 1.14",
"package_slug": "maven/org.apache.xmlgraphics/batik-util",
"pubdate": "2022-01-06",
"solution": "Upgrade to version 1.14 or above.",
"title": "Server-Side Request Forgery (SSRF)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-11987",
"https://github.com/apache/xmlgraphics-batik/commit/0ef5b661a1f77772d1110877ea9e0287987098f6",
"https://github.com/advisories/GHSA-2h63-qp69-fwvw"
],
"uuid": "b35c095e-3a9e-4c08-bd67-569df9d379a8"
},
{
"affected_range": "(,1.14)",
"affected_versions": "All versions before 1.14",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-918",
"CWE-937"
],
"date": "2022-01-06",
"description": "Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
"fixed_versions": [
"1.14"
],
"identifier": "CVE-2020-11987",
"identifiers": [
"GHSA-2h63-qp69-fwvw",
"CVE-2020-11987"
],
"not_impacted": "All versions starting from 1.14",
"package_slug": "maven/org.apache.xmlgraphics/batik-xml",
"pubdate": "2022-01-06",
"solution": "Upgrade to version 1.14 or above.",
"title": "Server-Side Request Forgery (SSRF)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-11987",
"https://github.com/apache/xmlgraphics-batik/commit/0ef5b661a1f77772d1110877ea9e0287987098f6",
"https://github.com/advisories/GHSA-2h63-qp69-fwvw"
],
"uuid": "02925b64-1350-4cca-98f5-4f8e39b7c262"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9EA21E7-63C2-4548-95E4-20A8D2E6B67A",
"versionEndIncluding": "1.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "042269E6-D3B4-4867-86FA-9301FACA9FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86F03B63-F922-45CD-A7D1-326DB0042875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBFC93F-8B39-45A2-981C-59B187169BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0843465C-F940-4FFC-998D-9A2668B75EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p3:*:*:*:*:*:*:*",
"matchCriteriaId": "441FD998-ABE6-4377-AAFA-FEAE42352FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0912F464-5F38-4BBB-9E68-65CE34306E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCB9E3-883D-4C1F-9785-2E182BA47B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA54C48-2FE6-495E-A92C-85F149AA1B64",
"versionEndIncluding": "14.4.0",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA86EF7E-6162-4244-9C88-7AF5CAB787E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E883986-13DA-470F-95C4-BEBD0EDFEB9C",
"versionEndIncluding": "11.3.1",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F978162-CB2C-4166-947A-9048C6E878BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_management_system_cloud_service:19.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0C02FB5-59A0-43BC-B3DA-2BB1A1BE5CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests."
},
{
"lang": "es",
"value": "Apache Batik versi\u00f3n 1.13 es vulnerable a un ataque de tipo server-side request forgery, causada por una comprobaci\u00f3n de entrada inapropiada por parte de NodePickerPanel.\u0026#xa0;Al usar un argumento especialmente dise\u00f1ado, un atacante podr\u00eda explotar esta vulnerabilidad para causar que el servidor subyacente lleve a cabo peticiones GET arbitrarias"
}
],
"id": "CVE-2020-11987",
"lastModified": "2024-02-01T01:24:46.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-24T18:15:11.093",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f5a5ba2%40%3Cdev.poi.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r588d05a0790b40a0eb81088252e1e8c1efb99706631421f17038eb05%40%3Cdev.poi.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEDID4DAVPECE6O4QQCSIS75BLLBUUAM/"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EAYO5XIHD6OIEA3HPK64UDDBSLNAC5/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202401-11"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://xmlgraphics.apache.org/security.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…