github - ghsa-wfw6-mmmp-87xm

ghsa-wfw6-mmmp-87xm

Vulnerability from github

Published

2022-05-17 00:28

Modified

2022-07-06 20:29

Summary

Improper Input Validation in Apache Batik

Details

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.xmlgraphics:batik"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0"
            },
            {
              "fixed": "1.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-0250"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-06T20:29:14Z",
    "nvd_published_at": "2015-03-24T17:59:00Z",
    "severity": "MODERATE"
  },
  "details": "XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.",
  "id": "GHSA-wfw6-mmmp-87xm",
  "modified": "2022-07-06T20:29:14Z",
  "published": "2022-05-17T00:28:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0250"
    },
    {
      "type": "WEB",
      "url": "http://advisories.mageia.org/MGASA-2015-0138.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0041.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0042.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2015/Mar/142"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3205"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:203"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032781"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2548-1"
    },
    {
      "type": "WEB",
      "url": "http://xmlgraphics.apache.org/security.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Improper Input Validation in Apache Batik"
}

cve-2015-0250

Vulnerability from cvelistv5

Published

2015-03-24 17:00

Modified

2024-08-06 04:03

Severity

Summary

References

URL	Tags
http://www.ubuntu.com/usn/USN-2548-1	vendor-advisory, x_refsource_UBUNTU
http://www-01.ibm.com/support/docview.wss?uid=swg21963275	x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:203	vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2015/dsa-3205	vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1032781	vdb-entry, x_refsource_SECTRACK
http://advisories.mageia.org/MGASA-2015-0138.html	x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2015/Mar/142	mailing-list, x_refsource_FULLDISC
http://rhn.redhat.com/errata/RHSA-2016-0042.html	vendor-advisory, x_refsource_REDHAT
http://xmlgraphics.apache.org/security.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0041.html	vendor-advisory, x_refsource_REDHAT
http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html	x_refsource_MISC

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website