
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
A Server-Side Request Forgery (SSRF) vulnerability was discovered in Apache XML Graphics Batik, identified as CVE-2022-44729. The vulnerability affects Apache XML Graphics Batik versions 1.0 through 1.16. In version 1.16, a malicious SVG could trigger loading external resources by default, potentially leading to resource consumption or information disclosure. The vulnerability was publicly disclosed on August 22, 2023, with a fix released in version 1.17 (Apache Security, OSS Security).
The vulnerability is classified as a Server-Side Request Forgery (SSRF) issue with a CVSS 3.1 Base Score of 7.1 (HIGH), and vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H. The vulnerability allows malicious SVG files to trigger the loading of external resources by default, which could lead to unauthorized resource access (NVD).
The exploitation of this vulnerability can result in resource consumption and potential information disclosure. The high CVSS score indicates significant potential impact on system confidentiality and availability (NVD).
Users are recommended to upgrade to Apache XML Graphics Batik version 1.17 or later, which contains the fix for this vulnerability. The upgrade addresses the issue by blocking external resource loading by default (Apache Security, OSS Security).
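A check for the upgrade recommendation above, as an added example that is not part of the original page or of the Batik project: it walks a directory tree and reports Batik jars whose file name carries a version in the affected range (1.0 through 1.16). The function names and the `batik-<module>-<version>.jar` naming pattern are assumptions based on the usual Maven artifact naming.

```python
import re
import sys
from pathlib import Path

# From the advisory: 1.0 through 1.16 are affected, 1.17 contains the fix.
FIRST_AFFECTED = (1, 0)
FIXED = (1, 17)

# Assumed naming: batik-<module>-<version>[-qualifier].jar (Maven convention),
# e.g. batik-transcoder-1.16.jar or batik-awt-util-1.14.jar.
JAR_RE = re.compile(
    r"^batik(?:-[a-z][a-z0-9]*)*-(\d+(?:\.\d+)*)(?:[-.][\w.-]+)?\.jar$",
    re.IGNORECASE,
)


def is_affected(version):
    """True if a dotted version string falls in the affected range."""
    parts = tuple(int(p) for p in version.split("."))
    return FIRST_AFFECTED <= parts < FIXED


def find_affected_batik_jars(root):
    """Return sorted (relative path, version) pairs for affected Batik jars."""
    root = Path(root)
    hits = []
    for jar in root.rglob("*.jar"):
        match = JAR_RE.match(jar.name)
        if match and is_affected(match.group(1)):
            hits.append((jar.relative_to(root).as_posix(), match.group(1)))
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python check_batik.py /path/to/app  (script name is hypothetical)
    found = find_affected_batik_jars(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, version in found:
        print(f"AFFECTED  Batik {version}  {path}")
    sys.exit(1 if found else 0)
```

File names say nothing about distribution packages that backport the fix under an older version number, such as the Debian and Gentoo updates this page lists, or about Batik classes shaded into another jar; verify those against the package changelog or a dependency report.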
Multiple Linux distributions have responded to this vulnerability by releasing security updates. Debian included this fix in their security update DLA-3619-1, and Gentoo addressed it in their security advisory GLSA 202401-11 (Debian LTS, Gentoo Security).
Source: This report was generated using AI