Vulnerabilities > Apache > Batik > 1.1.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-25 | CVE-2022-41704 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. | 7.5 |
2022-10-25 | CVE-2022-42890 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. | 7.5 |
2021-02-24 | CVE-2020-11987 | Server-Side Request Forgery (SSRF) vulnerability in multiple products Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. | 8.2 |
2020-11-12 | CVE-2019-17566 | Server-Side Request Forgery (SSRF) vulnerability in multiple products Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. | 7.5 |
2018-05-24 | CVE-2018-8013 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. | 9.8 |
2017-04-18 | CVE-2017-5662 | XXE vulnerability in Apache Batik In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. | 7.9 |
2015-03-24 | CVE-2015-0250 | XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. | 6.4 |
2005-03-14 | CVE-2005-0508 | Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue." | 4.6 |