Apache Batik

Apache Batik 1.16 SSRF via SVG External Resource Loading
CVE-2022-44729 7.1 - High - August 22, 2023

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.

SSRF

Apache XML Graphics Batik: RCE via SVG-JS prior to v1.16
CVE-2022-42890 7.5 - High - October 25, 2022

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

SSRF

Untrusted Java Code Exec via SVG in Apache Batik <1.16 (CVE-2022-41704)
CVE-2022-41704 7.5 - High - October 25, 2022

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

SSRF

Apache Batik 1.14 SSRF via Jar URL (CVE-2022-40146)
CVE-2022-40146 7.5 - High - September 22, 2022

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

SSRF

Apache Batik 1.14 SSRF External Resource Fetch
CVE-2022-38648 5.3 - Medium - September 22, 2022

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.

SSRF

SSRF in Apache XML Graphics Batik 1.14 via JAR protocol
CVE-2022-38398 5.3 - Medium - September 22, 2022

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

SSRF

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel
CVE-2020-11987 8.2 - High - February 24, 2021

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Improper Input Validation

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes
CVE-2019-17566 - November 12, 2020

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string
CVE-2018-8013 - May 24, 2018

In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.

In Apache Batik before 1.9, files lying on the filesystem of the server
CVE-2017-5662 - April 18, 2017

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.