Batik Apache Batik

Do you want an email whenever new security vulnerabilities are reported in Apache Batik?

By the Year

In 2023 there have been 0 vulnerabilities in Apache Batik . Last year Batik had 5 security vulnerabilities published. Right now, Batik is on track to have less security vulnerabilities in 2023 than it did last year.

Year Vulnerabilities Average Score
2023 0 0.00
2022 5 6.62
2021 1 8.20
2020 1 7.50
2019 0 0.00
2018 1 9.80

It may take a day or so for new Batik vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apache Batik Security Vulnerabilities

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript

CVE-2022-42890 7.5 - High - October 25, 2022

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

XSPA

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG

CVE-2022-41704 7.5 - High - October 25, 2022

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

XSPA

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url

CVE-2022-40146 7.5 - High - September 22, 2022

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

XSPA

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources

CVE-2022-38648 5.3 - Medium - September 22, 2022

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.

XSPA

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol

CVE-2022-38398 5.3 - Medium - September 22, 2022

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

XSPA

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel

CVE-2020-11987 8.2 - High - February 24, 2021

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Improper Input Validation

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes

CVE-2019-17566 7.5 - High - November 12, 2020

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

XSPA

In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string

CVE-2018-8013 9.8 - Critical - May 24, 2018

In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.

Marshaling, Unmarshaling

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Debian Linux or by Apache? Click the Watch button to subscribe.

Apache
Vendor

Apache Batik
Product

subscribe