CVE-2015-0250 (Medium) detected in batik-dom-3.2.0.3958.jar #49
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2015-0250 - Medium Severity Vulnerability
Batik DOM
Path to dependency file: TimeBase/java/installer/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/batik/batik-dom/1.6/27983405f0871f28d3b9ab35b44e62610a60564a/batik-dom-1.6.jar
Dependency Hierarchy:
Found in HEAD commit: 98f6880b361c00a247f77e79a787646e9664cadd
Found in base branch: main
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
Publish Date: 2015-03-24
URL: CVE-2015-0250
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: N/A
- Attack Complexity: N/A
- Privileges Required: N/A
- User Interaction: N/A
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0250
Release Date: 2015-03-24
Fix Resolution: 1.8
The text was updated successfully, but these errors were encountered: