Batik Security Vulnerabilities and Issues — Batik CVE List

Lucene search

ApacheBatik

10 matches found

CVE•added 2020/11/12 6:15 p.m.•254 views

CVE-2019-17566

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

7.5CVSS8.2AI score0.00815EPSS

CVE•added 2021/02/24 6:15 p.m.•213 views

CVE-2020-11987

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

8.2CVSS7.8AI score0.00247EPSS

CVE•added 2022/10/25 5:15 p.m.•173 views

CVE-2022-42890

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

7.5CVSS7.5AI score0.00155EPSS

CVE•added 2018/05/24 4:29 p.m.•164 views

CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.

9.8CVSS8.6AI score0.00723EPSS

CVE•added 2022/09/22 3:15 p.m.•158 views

CVE-2022-40146

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

7.5CVSS7.4AI score0.46852EPSS

CVE•added 2022/10/25 5:15 p.m.•141 views

CVE-2022-41704

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

7.5CVSS7.5AI score0.0018EPSS

CVE•added 2022/09/22 3:15 p.m.•129 views

CVE-2022-38398

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

5.3CVSS6.2AI score0.00087EPSS

CVE•added 2022/09/22 3:15 p.m.•120 views

CVE-2022-38648

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.

5.3CVSS6.3AI score0.00087EPSS

CVE•added 2017/04/18 2:59 p.m.•104 views

CVE-2017-5662

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full ...

7.9CVSS7.1AI score0.00179EPSS

CVE•added 2015/03/24 5:59 p.m.•91 views

CVE-2015-0250

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

6.4CVSS8AI score0.01042EPSS