org.apache.xmlgraphics:batik
Maven9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.xmlgraphics:batikpage 1 of 1
- CVE-2015-0250NONECVSS 0.0✓ Fixed in 1.82015-03-24
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
- CVE-2017-5662HIGHCVSS 7.3EG 7.3✓ Fixed in 1.92017-04-18
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exp…
- CVE-2018-8013CRITICALCVSS 9.8✓ Fixed in 1.102018-05-24
vulnerable: 1.9.1
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class t…
- CVE-2019-17566HIGHCVSS 7.5EG 7.5✓ Fixed in 1.132020-11-12
vulnerable: 1.10, 1.11, 1.12, 1.9.1
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying serv…
- CVE-2022-38398MEDIUMCVSS 5.3EG 5.3✓ Fixed in 1.152022-09-22
vulnerable: 1.14
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.
- CVE-2022-38648MEDIUMCVSS 5.3EG 5.3✓ Fixed in 1.152022-09-22
vulnerable: 1.10 ... 1.9.1 (6 versions)
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.
- CVE-2022-40146HIGHCVSS 7.5EG 7.5✓ Fixed in 1.152022-09-22
vulnerable: 1.10 ... 1.9.1 (6 versions)
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.
- CVE-2022-41704HIGHCVSS 7.5EG 7.5✓ Fixed in 1.162022-10-25
vulnerable: 1.10 ... 1.9.1 (7 versions)
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
- CVE-2022-42890HIGHCVSS 7.5EG 7.5✓ Fixed in 1.162022-10-25
vulnerable: 1.10 ... 1.9.1 (7 versions)
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
Check whether org.apache.xmlgraphics:batik is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.xmlgraphics:batik CVEs against the assets you own.
Start Free Scan →