{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-38648","assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","dateUpdated":"2025-11-03T19:27:25.993Z","dateReserved":"2022-08-22T00:00:00.000Z","datePublished":"2022-09-22T00:00:00.000Z"},"containers":{"cna":{"title":"PDFTranscoder does not block external resources","providerMetadata":{"orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache","dateUpdated":"2024-01-07T11:06:22.161Z"},"descriptions":[{"lang":"en","value":"Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14."}],"affected":[{"vendor":"Apache Software Foundation","product":"Apache XML Graphics","versions":[{"version":"Batik 1.14","status":"affected"}]}],"references":[{"url":"https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b"},{"name":"[debian-lts-announce] 20231014 [SECURITY] [DLA 3619-1] batik security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html"},{"name":"GLSA-202401-11","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202401-11"}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-918 Server-Side Request Forgery (SSRF)","cweId":"CWE-918"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"discovery":"UNKNOWN"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b","tags":["x_transferred"]},{"name":"[debian-lts-announce] 20231014 [SECURITY] [DLA 3619-1] batik security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html"},{"name":"GLSA-202401-11","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202401-11"},{"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00006.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:27:25.993Z"}}]}}