VYPR

Batik

by Apache

CVEs (3)

  • CVE-2017-5662 · High · Apr 18, 2017
    risk 0.48 · cvss 7.3 · epss 0.04

    In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the…

  • CVE-2015-0250 · Mar 24, 2015
    risk 0.01 · cvss · epss 0.17

    XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

  • CVE-2005-0508 · Mar 14, 2005
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue."