Vulnerabilities > Apache > Batik > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-25 CVE-2022-41704 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.
network
low complexity
apache debian CWE-918
7.5
2022-10-25 CVE-2022-42890 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript.
network
low complexity
apache debian CWE-918
7.5
2022-09-22 CVE-2022-40146 Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url.
network
low complexity
apache debian
7.5
2021-02-24 CVE-2020-11987 Server-Side Request Forgery (SSRF) vulnerability in multiple products
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel.
network
low complexity
apache fedoraproject oracle debian CWE-918
8.2
2020-11-12 CVE-2019-17566 Server-Side Request Forgery (SSRF) vulnerability in multiple products
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes.
network
low complexity
apache oracle CWE-918
7.5
2017-04-18 CVE-2017-5662 XXE vulnerability in Apache Batik
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files.
network
low complexity
apache CWE-611
7.3