VYPR
High severityNVD Advisory· Published Feb 24, 2021· Updated Nov 3, 2025

CVE-2020-11987

CVE-2020-11987

Description

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.xmlgraphics:batik-svgbrowserMaven
< 1.141.14

Affected products

3

Patches

Vulnerability mechanics

References

22

News mentions

0

No linked articles in our index yet.