4 matches found

Veracode
added 2022/10/26 10:11 a.m. | 35 views

Information Disclosure

Batik bridge is vulnerable to information disclosure. The vulnerability exists in the function of DefaultScriptSecurity because jars are loaded by default, which allows an attacker to execute arbitrary code on the system...

CVSS 7.5 | AI score 7.6 | EPSS 0.02143
Exploits: 0 | References: 10 | Affected Software: 1

Zero Day Initiative
added 2022/10/04 12:0 a.m. | 27 views

Apache Batik DefaultScriptSecurity Server-Side Request Forgery Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache Batik. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...

CVSS 8.1 | AI score 3.7 | EPSS 0.06147
Exploits: 1 | References: 1

CNVD
added 2022/09/26 12:0 a.m. | 36 views

Apache XML Graphics Batik Server-Side Request Forgery Vulnerability

Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used to process images in SVG format. Apache XML Graphics Batik is vulnerable to server-side request forgery, which is caused by a flaw in the DefaultScriptSecurity function. An attacker could exploi...

AI score 1.9 | EPSS 0.06147
Exploits: 1 | Affected Software: 1

Cvelist
added 2022/09/22 12:0 a.m. | 21 views

CVE-2022-40146 Jar url should be blocked by DefaultScriptSecurity

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14...

AI score 7.9 | EPSS 0.06147
Exploits: 1 | References: 3