rpm package
opensuse/xmlgraphics-batik&distro=openSUSE Leap 15.5
pkg:rpm/opensuse/xmlgraphics-batik&distro=openSUSE%20Leap%2015.5
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-28168 | — | < 1.18-150200.4.10.2 | 1.18-150200.4.10.2 | Oct 9, 2024 | Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue. | ||
| CVE-2022-44729 | — | < 1.17-150200.4.7.1 | 1.17-150200.4.7.1 | Aug 22, 2023 | Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in s | ||
| CVE-2022-44730 | — | < 1.17-150200.4.7.1 | 1.17-150200.4.7.1 | Aug 22, 2023 | Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. | ||
| CVE-2022-42890 | — | < 1.17-150200.4.7.1 | 1.17-150200.4.7.1 | Oct 25, 2022 | A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. | ||
| CVE-2022-41704 | — | < 1.17-150200.4.7.1 | 1.17-150200.4.7.1 | Oct 25, 2022 | A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. |
- CVE-2024-28168Oct 9, 2024affected < 1.18-150200.4.10.2fixed 1.18-150200.4.10.2
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue.
- CVE-2022-44729Aug 22, 2023affected < 1.17-150200.4.7.1fixed 1.17-150200.4.7.1
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in s
- CVE-2022-44730Aug 22, 2023affected < 1.17-150200.4.7.1fixed 1.17-150200.4.7.1
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL.
- CVE-2022-42890Oct 25, 2022affected < 1.17-150200.4.7.1fixed 1.17-150200.4.7.1
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
- CVE-2022-41704Oct 25, 2022affected < 1.17-150200.4.7.1fixed 1.17-150200.4.7.1
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.