CVE-2022-44730: Apache XML Graphics Batik: Information disclosure vulnerability
Published Aug 22, 2023
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL.
Affected Software
5 affected components · Fixes available
Apache XML Graphics Batik: >=1.0, <=1.16
maven/org.apache.xmlgraphics:batik-script: >=1.0, <1.17 (fix: 1.17)
Debian Debian Linux: =10.0
redhat/batik: <1.17 (fix: 1.17)
IBM InfoSphere Data Architect: <=9.2.1
Event History
Aug 22, 2023
CVE Published via MITRE · 01:57 PM
Data Sourced via MITRE · 01:57 PM (Description, Weakness)
Advisory Published via GitHub · 09:30 PM
Aug 23, 2023
Data Sourced via Red Hat · 04:34 PM (Description, Severity, Affected Software)
Mar 4, 2026
Data Sourced via IBM · 12:00 AM (Description, Affected Software)
Frequently Asked Questions
1. What is the severity of CVE-2022-44730?
The severity of CVE-2022-44730 is medium.
2. What is the affected software for CVE-2022-44730?
The affected software for CVE-2022-44730 is Apache XML Graphics Batik version 1.16.
3. How can I fix CVE-2022-44730?
To fix CVE-2022-44730, upgrade to Apache XML Graphics Batik version 1.17.
4. What is the CWE ID for CVE-2022-44730?
The CWE ID for CVE-2022-44730 is 918.
5. Where can I find more information about CVE-2022-44730?
You can find more information about CVE-2022-44730 on the NIST National Vulnerability Database (NVD) website and the Apache XML Graphics Batik security page.