Package details: pkg:deb/debian/batik@1.6-4

purl: pkg:deb/debian/batik@1.6-4
Next non-vulnerable version: 1.16+dfsg-1+deb12u1
Latest non-vulnerable version: 1.16+dfsg-1+deb12u1
Risk: 3.1
Vulnerabilities affecting this package (4)

VCID-2bvu-58vp-c7bq
Aliases: CVE-2020-11987, GHSA-2h63-qp69-fwvw
Summary: Server-Side Request Forgery (SSRF). Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation in the NodePickerPanel. By using a specially crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Fixed by: 1.16+dfsg-1+deb12u1 (affected by 0 other vulnerabilities)

VCID-n72n-a1pp-dqac
Aliases: CVE-2018-8013, GHSA-25gw-4pcc-45cf
Summary: Deserialization of Untrusted Data. In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance during deserialization.
Fixed by: 1.7+dfsg-5+deb8u1 (affected by 3 other vulnerabilities)
Fixed by: 1.8-4+deb9u2 (affected by 2 other vulnerabilities)
Fixed by: 1.10-2+deb10u1 (affected by 1 other vulnerability)

VCID-undw-s8qz-dke8
Aliases: CVE-2017-5662, GHSA-qwgx-59jw-qfg9
Summary: XXE vulnerability. Files lying on the filesystem of a server that uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server, including confidential or sensitive files, would be possible. XXE can also be used to attack the availability of the server via denial of service, as the references within an XML document can trivially trigger an amplification attack.
Fixed by: 1.7+dfsg-5+deb8u1 (affected by 3 other vulnerabilities)
Fixed by: 1.8-4+deb9u2 (affected by 2 other vulnerabilities)

VCID-xfy6-naeg-rqh3
Aliases: CVE-2015-0250, GHSA-wfw6-mmmp-87xm
Summary: Improper Restriction of XML External Entity Reference. XML external entity (XXE) vulnerability in the SVG to PNG and JPG conversion classes in Apache Batik allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
Fixed by: 1.7+dfsg-3+deb7u1 (affected by 4 other vulnerabilities)
Fixed by: 1.7+dfsg-5 (affected by 3 other vulnerabilities)
Vulnerabilities fixed by this package (0)

This package is not known to fix vulnerabilities.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-06-06T00:37:50.952321+00:00 | Debian Oval Importer | Affected by | VCID-n72n-a1pp-dqac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.6.0
2026-06-06T00:17:46.139200+00:00 | Debian Oval Importer | Affected by | VCID-2bvu-58vp-c7bq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.6.0
2026-06-05T23:42:06.301227+00:00 | Debian Oval Importer | Affected by | VCID-xfy6-naeg-rqh3 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.6.0
2026-06-05T22:24:37.798522+00:00 | Debian Oval Importer | Affected by | VCID-n72n-a1pp-dqac | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 38.6.0
2026-06-05T22:21:22.553104+00:00 | Debian Oval Importer | Affected by | VCID-undw-s8qz-dke8 | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 38.6.0
2026-06-05T22:05:30.013154+00:00 | Debian Oval Importer | Affected by | VCID-n72n-a1pp-dqac | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 38.6.0
2026-06-05T21:49:05.642940+00:00 | Debian Oval Importer | Affected by | VCID-undw-s8qz-dke8 | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 38.6.0
2026-06-04T20:29:45.078661+00:00 | Debian Oval Importer | Affected by | VCID-xfy6-naeg-rqh3 | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 38.6.0