Maven package
org.apache.xmlgraphics/batik-bridge
pkg:maven/org.apache.xmlgraphics/batik-bridge
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-44729 | — | | | >= 1.0, < 1.17 | 1.17 | Aug 22, 2023 | Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in s |
| CVE-2022-42890 | — | | | < 1.16 | 1.16 | Oct 25, 2022 | A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. |
| CVE-2022-38648 | — | | | < 1.15 | 1.15 | Sep 22, 2022 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. |
| CVE-2022-38398 | — | | | >= 1.14, < 1.15 | 1.15 | Sep 22, 2022 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a URL through the jar protocol. This issue affects Apache XML Graphics Batik 1.14. |