CVE Published: 12/11/2020 |
CVE Updated: 05/08/2024 |
CVE Year: 2019 Source: apache |
Vendor: n/a |
Product: Apache Batik Status : PUBLISHED
CVE-2019-17566 Description
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.