CVE-2022-38398 Server-side request forgery vulnerability in Batik of Apache XML Graphics allows attackers to load a URL through the jar protocol.
Apache Batik is an open source Java library to render vector graphics. It supports SVG, XCF and PDF. Batik is used to create charts like
CVE-2022-38648 SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources.
The Apache XML Graphics Batik library is an open source library licensed under the Apache License 2.0. It provides a bridge between the needs
CVE-2022-37027 Ahsay CBS 9.1.4.0 allows system users to inject arbitrary Java JVM options. Administrators with account access to the software's settings panel can inject Java Runtime Options.
An attacker can leverage this vulnerability to access sensitive information on the system or perform other actions as the system user. This issue is reported
CVE-2022-41253 The Jenkins CONS3RT Plugin 1.0.0 and earlier has a CSRF vulnerability that allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method.
This CSRF vulnerability can be exploited by an attacker who controls a target Jenkins installation and configures the plugin to pass login credentials to another
CVE-2022-2881 An attacker could exploit a bug to read memory or crash the process.
Such issues are quite common and often go unnoticed. Let’s take a look at some of the most common causes of these issues and