CVE-2022-38398

CVE-2022-38398: Server-Side Request Forgery Information Disclosure Vulnerability

Vendor Apache Software Foundation

Product Apache XML Graphics

Weakness CWE-918 · SSRF

Published September 22, 2022

Last update November 3, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

Key dates

02Disclosure timeline

September 22, 2022 CVE published

November 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-38398 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

04Related CVE

CVE-2026-45373 CodeWhale: SSRF‌ IPV6 bypass CVE-2025-8020 CVE-2026-2532 lintsinghua DeepAudit IP Address embedding_config.py server-side request forgery CVE-2026-48128 Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step CVE-2025-58641 WordPress Exit Intent Popup Plugin <= 1.0.1 - Server Side Request Forgery (SSRF) Vulnerability