Search CVE reports


1 – 10 of 13 results


CVE-2022-44730

Medium priority
Needs evaluation

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as...

1 affected package

batik

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
batik Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2022-44729

Medium priority
Needs evaluation

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources...

1 affected package

batik

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
batik Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2022-42890

Medium priority

Some fixes available 6 of 9

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

1 affected package

batik

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
batik Needs evaluation Fixed Fixed Fixed Fixed

CVE-2022-41704

Medium priority

Some fixes available 6 of 9

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

1 affected package

batik

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
batik Needs evaluation Fixed Fixed Fixed Fixed

CVE-2022-40146

Medium priority

Some fixes available 6 of 9

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a JAR URL. This issue affects Apache XML Graphics Batik 1.14.

1 affected package

batik

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
batik Needs evaluation Fixed Fixed Fixed Fixed

CVE-2022-38648

Medium priority

Some fixes available 6 of 9

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.

1 affected package

batik

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
batik Needs evaluation Fixed Fixed Fixed Fixed

CVE-2022-38398

Medium priority

Some fixes available 6 of 9

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a URL through the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

1 affected package

batik

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
batik Needs evaluation Fixed Fixed Fixed Fixed

CVE-2020-11987

Medium priority

Some fixes available 4 of 10

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the...

1 affected package

batik

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
batik Needs evaluation Not affected Fixed Fixed Fixed

CVE-2019-17566

Medium priority

Some fixes available 4 of 5

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the...

1 affected package

batik

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
batik Not affected Fixed Fixed Fixed

CVE-2018-8013

Medium priority

Some fixes available 1 of 3

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of the class. Fix was to check...

1 affected package

batik

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
batik Not affected Not affected Not affected Not affected Vulnerable