rpm package

suse/xmlgraphics-batik&distro=SUSE Linux Enterprise Software Development Kit 12 SP5

pkg:rpm/suse/xmlgraphics-batik&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Vulnerabilities (10)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-44729		—	< 1.17-2.7.1	1.17-2.7.1	Aug 22, 2023	Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in s
CVE-2022-44730		—	< 1.17-2.7.1	1.17-2.7.1	Aug 22, 2023	Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL.
CVE-2022-42890		—	< 1.17-2.7.1	1.17-2.7.1	Oct 25, 2022	A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
CVE-2022-41704		—	< 1.17-2.7.1	1.17-2.7.1	Oct 25, 2022	A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
CVE-2022-40146		—	< 1.17-2.7.1	1.17-2.7.1	Sep 22, 2022	Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.
CVE-2022-38648		—	< 1.17-2.7.1	1.17-2.7.1	Sep 22, 2022	Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.
CVE-2022-38398		—	< 1.17-2.7.1	1.17-2.7.1	Sep 22, 2022	Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.
CVE-2020-11987		—	< 1.17-2.7.1	1.17-2.7.1	Feb 24, 2021	Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
CVE-2019-17566		—	< 1.8-3.3.1	1.8-3.3.1	Nov 12, 2020	Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
CVE-2017-5662	Hig	7.3	< 1.17-2.7.1	1.17-2.7.1	Apr 18, 2017	In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the u

CVE-2022-44729Aug 22, 2023
affected < 1.17-2.7.1fixed 1.17-2.7.1
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in s
CVE-2022-44730Aug 22, 2023
affected < 1.17-2.7.1fixed 1.17-2.7.1
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL.
CVE-2022-42890Oct 25, 2022
affected < 1.17-2.7.1fixed 1.17-2.7.1
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
CVE-2022-41704Oct 25, 2022
affected < 1.17-2.7.1fixed 1.17-2.7.1
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
CVE-2022-40146Sep 22, 2022
affected < 1.17-2.7.1fixed 1.17-2.7.1
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.
CVE-2022-38648Sep 22, 2022
affected < 1.17-2.7.1fixed 1.17-2.7.1
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.
CVE-2022-38398Sep 22, 2022
affected < 1.17-2.7.1fixed 1.17-2.7.1
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.
CVE-2020-11987Feb 24, 2021
affected < 1.17-2.7.1fixed 1.17-2.7.1
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
CVE-2019-17566Nov 12, 2020
affected < 1.8-3.3.1fixed 1.8-3.3.1
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
CVE-2017-5662HigApr 18, 2017
affected < 1.17-2.7.1fixed 1.17-2.7.1
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the u