Description
Apache Batik 1.13 is vulnerable to server-side request forgery (SSRF), caused by improper input validation in the NodePickerPanel. By supplying a specially crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Remediation
References