org.apache.xmlgraphics:batik (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.xmlgraphics:batik, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2018-8013 — CVSS 9.8 (critical): In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the…
CVE-2022-40146 — CVSS 7.5 (high): Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This…
CVE-2019-17566 — CVSS 7.5 (high): Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a…
CVE-2022-42890 — CVSS 7.5 (high): A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects…
CVE-2022-41704 — CVSS 7.5 (high): A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML…
CVE-2017-5662 — CVSS 7.3 (high): In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send…
CVE-2015-0250 — CVSS 6.4 (medium): XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote…
CVE-2022-38648 — CVSS 5.3 (medium): Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue…
CVE-2022-38398 — CVSS 5.3 (medium): Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol…