Vulnerability Details CVE-2022-38648
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.4%
CVSS Severity
CVSS v3 Score 5.3
References
- https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b
- https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html
- https://security.gentoo.org/glsa/202401-11
- https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b
- https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html
- https://lists.debian.org/debian-lts-announce/2025/07/msg00006.html
- https://security.gentoo.org/glsa/202401-11
Products affected by CVE-2022-38648
-
cpe:2.3:a:apache:batik:1.14
-
cpe:2.3:o:debian:debian_linux:10.0