CVE-2022-44729 - Server-Side Request Forgery (SSRF)

Severity: High

2023-11-09

Abstract

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.

The Oxygen products incorporate Apache XML Graphics Batik as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

| Product | Severity | Fixed Release Availability |
|---|---|---|
| Oxygen XML Author v25.1 and older | High | Oxygen XML Author 25.1 build 2023110913; Oxygen XML Author 26.0 build 2023100905 |
| Oxygen XML Developer v25.1 and older | High | Oxygen XML Developer 25.1 build 2023110913; Oxygen XML Developer 26.0 build 2023100905 |
| Oxygen XML Editor v25.1 and older | High | Oxygen XML Editor 25.1 build 2023110913; Oxygen XML Editor 26.0 build 2023100905 |
| Oxygen XML Web Author v25.1.0.1 and older | None | Oxygen XML Web Author 26.0.0 build 2023101015 |
| Oxygen Publishing Engine v25.1 and older | None | Oxygen Publishing Engine 25.1 build 2023110913; Oxygen Publishing Engine 26.0 build 2023100523 |

Mitigation

None

Detail

CVE-2022-44729

Severity: High

CVSS Score: 7.1

The version of the Apache XML Graphics Batik third-party library used by Oxygen XML products is one of the affected versions mentioned in the CVE-2022-44729 vulnerability description.

Starting with Oxygen XML Author v25.1 build 2023110913, the Apache XML Graphics Batik library was updated to a version that fixes this vulnerability.

Starting with Oxygen XML Developer v25.1 build 2023110913, the Apache XML Graphics Batik library was updated to a version that fixes this vulnerability.

Starting with Oxygen XML Editor v25.1 build 2023110913, the Apache XML Graphics Batik library was updated to a version that fixes this vulnerability.

Starting with Oxygen XML Author v26.0 build 2023100905, the Apache XML Graphics Batik library was updated to a version that fixes this vulnerability.

Starting with Oxygen XML Developer v26.0 build 2023100905, the Apache XML Graphics Batik library was updated to a version that fixes this vulnerability.

Starting with Oxygen XML Editor v26.0 build 2023100905, the Apache XML Graphics Batik library was updated to a version that fixes this vulnerability.

Starting with Oxygen XML Web Author v26.0 build 2023101015, the Apache XML Graphics Batik library was updated to a version that fixes this vulnerability.

Starting with Oxygen Publishing Engine v25.1 build 2023110913, the Apache XML Graphics Batik library was updated to a version that fixes this vulnerability.

Starting with Oxygen Publishing Engine v26.0 build 2023100523, the Apache XML Graphics Batik library was updated to a version that fixes this vulnerability.
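
To confirm which Batik version an installation actually ships, the following added example (not code from Oxygen or from the Apache Batik project) walks a directory and classifies every batik*.jar against the 1.17 threshold from the abstract. It assumes Maven-style jar names such as batik-all-1.16.jar, falls back to an assumed Implementation-Version manifest attribute, and uses constructed sample jars.

```python
import re
import sys
import tempfile
import zipfile
from pathlib import Path

FIXED = (1, 17)  # the advisory recommends Batik 1.17 or later
# Assumption: Maven-style jar names, e.g. batik-all-1.16.jar
NAME_RE = re.compile(r"^batik(?:-[a-z0-9]+)*-(\d+(?:\.\d+)+)\.jar$", re.I)
# Assumption: manifest attribute consulted when the name carries no version
MANIFEST_RE = re.compile(r"^Implementation-Version:\s*(\d+(?:\.\d+)+)", re.M | re.I)

def jar_version(path):
    """Return the jar's version as a tuple of ints, or None if unknown."""
    match = NAME_RE.match(path.name)
    if not match:
        try:
            with zipfile.ZipFile(path) as jar:
                manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        except (zipfile.BadZipFile, KeyError, OSError):
            return None  # unreadable or manifest-less jar: report as unknown
        match = MANIFEST_RE.search(manifest)
    return tuple(int(p) for p in match.group(1).split(".")) if match else None

def audit(root):
    """Map each batik*.jar under root to 'upgrade', 'ok' or 'unknown'."""
    root, results = Path(root), {}
    for jar in sorted(root.rglob("batik*.jar")):
        version = jar_version(jar)
        # Conservative assumption: everything below 1.17 is flagged, although
        # the advisory names only 1.16 as affected.
        status = "unknown" if version is None else "upgrade" if version < FIXED else "ok"
        results[jar.relative_to(root).as_posix()] = status
    return results

def make_jar(path, manifest_version=None):
    """Write a constructed, otherwise empty jar used only as sample input."""
    body = "Manifest-Version: 1.0\r\n"
    if manifest_version:
        body += f"Implementation-Version: {manifest_version}\r\n"
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample:  # constructed sample tree
        make_jar(Path(sample) / "batik-all-1.16.jar")
        make_jar(Path(sample) / "batik-all.jar", "1.17")
        root = sys.argv[1] if len(sys.argv) > 1 else sample
        for name, status in audit(root).items():
            print(f"{status:8} {name}")
```

Pass an installation directory as the first argument to audit it instead of the sample tree; jars reported as unknown need a manual check.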
