{"vulnerability": "CVE-2022-38398", "sightings": [{"uuid": "89158bcb-8d9d-4701-a2d9-ff5ca698c1c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38398", "type": "seen", "source": "https://t.me/cibsecurity/50267", "content": "\u203c CVE-2022-38398 \u203c\n\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-22T18:12:19.000000Z"}, {"uuid": "ce188abc-8e6b-4d43-b542-77298b8bb366", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38398", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/7094", "content": "#exploit\n1. CVE-2022-38398, CVE-2022-40146:\nVulnerabilities in Apache Batik Default Security Controls - SSRF/RCE Through Remote Class Loading\nhttps://www.zerodayinitiative.com/blog/2022/10/28/vulnerabilities-in-apache-batik-default-security-controls-ssrf-and-rce-through-remote-class-loading\n\n2. CVE-2022-0739:\nSQLI BookingPress <1.0.11 - Unauth SQL Injection\nhttps://github.com/Chris01s/CVE-2022-0739", "creation_timestamp": "2022-11-03T11:05:13.000000Z"}]}