https://bz.apache.org/bugzilla/show_bug.cgi?id=65355

Bug ID: 65355
Summary: Vulnerability through the batik-all dependency
Product: POI
Version: 5.0.0-FINAL
Hardware: PC
Status: NEW
Severity: major
Priority: P2
Component: POI Overall
Assignee: dev@poi.apache.org
Reporter: lau.thou...@gmail.com
Target Milestone: ---

Hello,

We're getting a warning regarding some vulnerability induced by the batik-all dependency when using poi-ooxml.

[ERROR] org.apache.xmlgraphics:batik-transcoder:jar:1.13:compile; https://ossindex.sonatype.org/component/pkg:maven/org.apache.xmlgraphics/batik-transcoder@1.13?utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
[ERROR] * [CVE-2020-11987] Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improp... (5.3); https://ossindex.sonatype.org/vulnerability/3be652e4-f000-4fad-9fdb-1a0bda304afe?component-type=maven&component-name=org.apache.xmlgraphics.batik-transcoder&utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
[ERROR] org.apache.xmlgraphics:batik-dom:jar:1.13:compile; https://ossindex.sonatype.org/component/pkg:maven/org.apache.xmlgraphics/batik-dom@1.13?utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
[ERROR] * [CVE-2020-11987] Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improp... (5.3); https://ossindex.sonatype.org/vulnerability/3be652e4-f000-4fad-9fdb-1a0bda304afe?component-type=maven&component-name=org.apache.xmlgraphics.batik-dom&utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1

I'm not really sure what it impacts but it's the kind of thing that should be looked into IMO.

Thanks