Talend Component Kit / TCOMP-2294

Upgrade batik to 1.16

      Server-Side Request Forgery in Talend/component-runtime (master)

      Issue Details

      • Vulnerability: Server-Side Request Forgery
      • Severity: Medium
      • Project: Talend/component-runtime
      • Branch: master
      • Scan Date: Unknown

      Issue Description

      org.apache.xmlgraphics:batik-bridge is vulnerable to server-side request forgery. The vulnerability exists in `DefaultExternalResourceSecurity` because the constructor logic does not properly restrict external resources, which allows remote attackers to bypass the SSRF protection and gain access to confidential information.

            Unassigned Unassigned
            pteyssier pierre teyssier
            emmanuel gallois