  1. Talend Component Kit
  2. TCOMP-2294

Upgrade batik to 1.16



    Description

      Server-Side Request Forgery in Talend/component-runtime (master)

      Issue Details

      • Vulnerability: Server-Side Request Forgery
      • Severity: Medium
      • Project: Talend/component-runtime
      • Branch: master
      • Scan Date: Unknown

      Issue Description

      org.apache.xmlgraphics:batik-bridge is vulnerable to server-side request forgery (SSRF). The vulnerability exists in `DefaultExternalResourceSecurity` because the constructor logic does not properly restrict external resources, which allows remote attackers to bypass the SSRF protection and gain access to confidential information.


          People

            Unassigned
            pteyssier pierre teyssier
            emmanuel gallois