Apache Batik


By the Year

In 2022 there have been 0 vulnerabilities in Apache Batik. Last year Batik had 1 security vulnerability published. Right now, Batik is on track to have fewer security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 1 8.20
2020 1 7.50
2019 0 0.00
2018 1 9.80

It may take a day or so for new Batik vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Apache Batik Security Vulnerabilities


CVE-2020-11987 8.2 - High - February 24, 2021

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Improper Input Validation


CVE-2019-17566 7.5 - High - November 12, 2020

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

XSPA


CVE-2018-8013 9.8 - Critical - May 24, 2018

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name, which it then uses to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance in deserialization.

Marshaling, Unmarshaling
