Apache Software Foundation Batik 1.12

CPE Details

Apache Software Foundation Batik 1.12
apache
batik
1.12
2020-11-17
15h37 +00:00
2020-11-17
15h37 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:apache:batik:1.12:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

batik

Version

1.12

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-41704 2022-10-24 22h00 +00:00 A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
7.5
Haute
CVE-2022-42890 2022-10-24 22h00 +00:00 A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
7.5
Haute
CVE-2020-11987 2021-02-23 23h00 +00:00 Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
8.2
Haute
CVE-2019-17566 2020-11-11 23h00 +00:00 Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
7.5
Haute