CVE-2022-40146
Severity: HIGH
Apache Batik 1.14 - Server-Side Request Forgery via Jar URL
Title source: LLM
Exploitation Summary
EIP tracks 2 public exploits for CVE-2022-40146. PoCs published by cckuailong, soulfoodisgood.
AI-analyzed exploit summary
This repository contains functional exploit code for CVE-2022-40146, demonstrating SSRF and RCE vulnerabilities in Apache Batik via crafted SVG files with embedded Java archives or ECMAScript. The PoC includes a Java-based payload and detailed HTTP request examples for exploitation.
Description
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar URL. This issue affects Apache XML Graphics Batik 1.14.
Exploits (2)
This repository contains a functional PoC for CVE-2022-40146, demonstrating an RCE vulnerability in Apache Batik's SVG transcoder. The exploit leverages the `KEY_EXECUTE_ONLOAD` and `KEY_ALLOWED_SCRIPT_TYPES` hints to enable script execution during SVG-to-JPEG conversion.
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N