Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows a malicious user to load a URL through the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows a malicious user to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows a malicious user to access files using a Jar URL. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)

A vulnerability in Batik of Apache XML Graphics allows a malicious user to run untrusted Java code from an SVG. This issue affects Apache XML Graphics before 1.16. It is recommended to update to version 1.16. (CVE-2022-41704)

A vulnerability in Batik of Apache XML Graphics allows a malicious user to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics before 1.16. Users are recommended to upgrade to version 1.16. (CVE-2022-42890)

Vulnerable Product |
---|
apache batik |
fedoraproject fedora 33 |
fedoraproject fedora 34 |
oracle agile engineering data management 6.2.1.0 |
oracle banking apis 18.3 |
oracle banking apis 19.1 |
oracle banking apis 19.2 |
oracle banking apis 20.1 |
oracle banking apis 21.1 |
oracle banking digital experience 18.3 |
oracle banking digital experience 19.1 |
oracle banking digital experience 19.2 |
oracle banking digital experience 20.1 |
oracle banking digital experience 21.1 |
oracle communications application session controller 3.9m0p3 |
oracle communications metasolv solution 6.3.0 |
oracle communications metasolv solution 6.3.1 |
oracle communications offline mediation controller 12.0.0.3.0 |
oracle enterprise repository 11.1.1.7.0 |
oracle flexcube universal banking |
oracle fusion middleware mapviewer 12.2.1.4.0 |
oracle instantis enterprisetrack 17.1 |
oracle instantis enterprisetrack 17.2 |
oracle instantis enterprisetrack 17.3 |
oracle insurance policy administration |
oracle product lifecycle analytics 3.6.1 |
oracle retail back office 14.1 |
oracle retail central office 14.1 |
oracle retail order broker 15.0 |
oracle retail order broker 16.0 |
oracle retail order management system cloud service 19.5 |
oracle retail point-of-service 14.1 |
oracle retail returns management 14.1 |
oracle weblogic server 12.2.1.3.0 |
oracle weblogic server 12.2.1.4.0 |
oracle weblogic server 14.1.1.0.0 |
debian debian linux 10.0 |