Apache Software Foundation Apache Xml Graphics vulnerabilities

5 known vulnerabilities affecting apache_software_foundation/apache_xml_graphics.

Total CVEs

5

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2022-41704HIGHCVSS 7.5≥ Batik, ≤ 1.152022-10-25

CVE-2022-41704 [HIGH] CWE-918 CVE-2022-41704: A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from a A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

CVE-2022-42890HIGHCVSS 7.5≥ Batik, ≤ 1.152022-10-25

CVE-2022-42890 [HIGH] CWE-918 CVE-2022-42890: A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted S A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

CVE-2022-40146HIGHCVSS 7.5vBatik 1.142022-09-22

CVE-2022-40146 [HIGH] CWE-918 CVE-2022-40146: Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

CVE-2022-38648MEDIUMCVSS 5.3vBatik 1.142022-09-22

CVE-2022-38648 [MEDIUM] CWE-918 CVE-2022-38648: Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.

CVE-2022-38398MEDIUMCVSS 5.3vBatik 1.142022-09-22

CVE-2022-38398 [MEDIUM] CWE-918 CVE-2022-38398: Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.