VDB

GCVE-110-MAGEIA-2024-68

GCVE-110-MAGEIA-2024-68
Advisory Published
Vulnetix · Advisory published March 16, 2024
The updated packages fix security vulnerabilities: Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. (CVE-2022-38398) Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. (CVE-2022-38648) Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. (CVE-2022-40146) A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. (CVE-2022-41704) A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. (CVE-2022-42890)

Affected Products

VendorProductVersionsPlatforms
Mageialxc0 (affected), 5.0.3-1.mga9 (unaffected)
Mageiabatik0 (affected), 1.14-4.1.mga9 (unaffected), 0 (affected), 1.14-4.1.mga9 (unaffected)

Browse GCVE Records

73,866 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›