Apache Batik
By the Year
In 2022 there have been 0 vulnerabilities in Apache Batik . Last year Batik had 1 security vulnerability published. Right now, Batik is on track to have less security vulnerabilities in 2022 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 0 | 0.00 |
| 2021 | 1 | 8.20 |
| 2020 | 1 | 7.50 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 9.80 |
It may take a day or so for new Batik vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Batik Security Vulnerabilities
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel
CVE-2020-11987
8.2 - High
- February 24, 2021
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Improper Input Validation
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes
CVE-2019-17566
7.5 - High
- November 12, 2020
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
XSPA
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string
CVE-2018-8013
9.8 - Critical
- May 24, 2018
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.
Marshaling, Unmarshaling
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Debian Linux or by Apache? Click the Watch button to subscribe.
