2024-05-26 14:27:05 +02:00
### [CVE-2019-17566](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17566)
### Description
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
### POC
#### Reference
- https://www.oracle.com//security-alerts/cpujul2021.html
2024-06-09 00:33:16 +00:00
- https://www.oracle.com//security-alerts/cpujul2021.html
2024-05-26 14:27:05 +02:00
- https://www.oracle.com/security-alerts/cpuApr2021.html
2024-06-09 00:33:16 +00:00
- https://www.oracle.com/security-alerts/cpuApr2021.html
2024-05-26 14:27:05 +02:00
- https://www.oracle.com/security-alerts/cpujan2021.html
2024-06-09 00:33:16 +00:00
- https://www.oracle.com/security-alerts/cpujan2021.html
2024-05-26 14:27:05 +02:00
- https://www.oracle.com/security-alerts/cpujan2022.html
2024-06-09 00:33:16 +00:00
- https://www.oracle.com/security-alerts/cpujan2022.html
2024-05-26 14:27:05 +02:00
- https://www.oracle.com/security-alerts/cpujul2022.html
2024-06-09 00:33:16 +00:00
- https://www.oracle.com/security-alerts/cpujul2022.html
2024-05-26 14:27:05 +02:00
- https://www.oracle.com/security-alerts/cpuoct2021.html
2024-06-09 00:33:16 +00:00
- https://www.oracle.com/security-alerts/cpuoct2021.html
2024-05-26 14:27:05 +02:00
#### Github
- https://github.com/yuriisanin/svg2raster-cheatsheet
