xmlgraphics-batik (SUSE:Linux Enterprise Software Development Kit 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Software Development Kit 12 SP5 package xmlgraphics-batik, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2020-11987 — CVSS 8.2 (high): Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a…
CVE-2022-40146 — CVSS 7.5 (high): Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This…
CVE-2019-17566 — CVSS 7.5 (high): Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a…
CVE-2022-42890 — CVSS 7.5 (high): A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects…
CVE-2022-41704 — CVSS 7.5 (high): A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML…
CVE-2017-5662 — CVSS 7.3 (high): In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send…
CVE-2022-44729 — CVSS 7.1 (high): Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML…
CVE-2022-38648 — CVSS 5.3 (medium): Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue…
CVE-2022-38398 — CVSS 5.3 (medium): Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol…
CVE-2022-44730 — CVSS 4.4 (medium): Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML…