FilterPlugin.Batik (SVG) Image Library Batik Security Update (MINDBREEZE16264)

ID: MINDBREEZE16264 
Affected Components: Mindbreeze Inspire G6, Mindbreeze Inspire G7, Mindbreeze InSpire SaaS 
Severity: 7.5 High 
Status: Final 
First published: February 2, 2021 
CVEs: CVE-2019-17566

Summary

The Mindbreeze ImageIO Filter is using Apache Batik to filter SVGs, which is vulnerable to server-side request forgery, caused by improper input validation.

Remediation

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

  • Mindbreeze InSpire 20.5 Release (Version 20.5.1.835)
  • Mindbreeze InSpire SaaS 20.5 Release (Version 20.5.1.835)