VulnerableCode Package Details - pkg:ebuild/dev-java/batik@1.17

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2bvu-58vp-c7bq	Server-Side Request Forgery (SSRF) Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.	CVE-2020-11987 GHSA-2h63-qp69-fwvw
VCID-37s5-46dd-5fgm	Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.	CVE-2022-38648 GHSA-53jm-3hc9-fqqc
VCID-ewrb-sx6p-mqbj	A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.	CVE-2022-41704 GHSA-r29w-r9ph-vm76
VCID-hmf4-tru4-x7aj	A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.	CVE-2022-42890 GHSA-rwqr-m72q-v6cm
VCID-kmrp-p4uh-27dm	Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.	CVE-2022-40146 GHSA-h4qg-p7r2-cpg3
VCID-n72n-a1pp-dqac	Deserialization of Untrusted Data In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.	CVE-2018-8013 GHSA-25gw-4pcc-45cf
VCID-neqx-5sez-gyeg	Server-Side Request Forgery (SSRF) Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.	CVE-2019-17566 GHSA-cmx4-p4v5-hmr5
VCID-q3pc-1rx9-8khw	Apache Batik information disclosure vulnerability Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL.	CVE-2022-44730 GHSA-2474-2566-3qxp
VCID-vuwh-jn2m-n3ht	Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.	CVE-2022-38398 GHSA-c5xv-qc8p-mh2v
VCID-zxeg-w6n7-cbe3	Apache XML Graphics Batik Server-Side Request Forgery vulnerability Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.	CVE-2022-44729 GHSA-gq5f-xv48-2365

Vulnerability

Summary

Aliases

VCID-2bvu-58vp-c7bq

Server-Side Request Forgery (SSRF) Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

CVE-2020-11987
GHSA-2h63-qp69-fwvw

VCID-37s5-46dd-5fgm

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.

CVE-2022-38648
GHSA-53jm-3hc9-fqqc

VCID-ewrb-sx6p-mqbj

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

CVE-2022-41704
GHSA-r29w-r9ph-vm76

VCID-hmf4-tru4-x7aj

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

CVE-2022-42890
GHSA-rwqr-m72q-v6cm

VCID-kmrp-p4uh-27dm

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

CVE-2022-40146
GHSA-h4qg-p7r2-cpg3

VCID-n72n-a1pp-dqac

Deserialization of Untrusted Data In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.

CVE-2018-8013
GHSA-25gw-4pcc-45cf

VCID-neqx-5sez-gyeg

Server-Side Request Forgery (SSRF) Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

CVE-2019-17566
GHSA-cmx4-p4v5-hmr5

VCID-q3pc-1rx9-8khw

Apache Batik information disclosure vulnerability Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL.

CVE-2022-44730
GHSA-2474-2566-3qxp

VCID-vuwh-jn2m-n3ht

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

CVE-2022-38398
GHSA-c5xv-qc8p-mh2v

VCID-zxeg-w6n7-cbe3

Apache XML Graphics Batik Server-Side Request Forgery vulnerability Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.

CVE-2022-44729
GHSA-gq5f-xv48-2365

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T19:10:08.943975+00:00	Gentoo Importer	Fixing	VCID-q3pc-1rx9-8khw	https://security.gentoo.org/glsa/202401-11	38.6.0
2026-06-04T19:10:08.928785+00:00	Gentoo Importer	Fixing	VCID-zxeg-w6n7-cbe3	https://security.gentoo.org/glsa/202401-11	38.6.0
2026-06-04T19:10:08.913389+00:00	Gentoo Importer	Fixing	VCID-hmf4-tru4-x7aj	https://security.gentoo.org/glsa/202401-11	38.6.0
2026-06-04T19:10:08.897697+00:00	Gentoo Importer	Fixing	VCID-ewrb-sx6p-mqbj	https://security.gentoo.org/glsa/202401-11	38.6.0
2026-06-04T19:10:08.866082+00:00	Gentoo Importer	Fixing	VCID-kmrp-p4uh-27dm	https://security.gentoo.org/glsa/202401-11	38.6.0
2026-06-04T19:10:08.850866+00:00	Gentoo Importer	Fixing	VCID-37s5-46dd-5fgm	https://security.gentoo.org/glsa/202401-11	38.6.0
2026-06-04T19:10:08.835534+00:00	Gentoo Importer	Fixing	VCID-vuwh-jn2m-n3ht	https://security.gentoo.org/glsa/202401-11	38.6.0
2026-06-04T19:10:08.820452+00:00	Gentoo Importer	Fixing	VCID-2bvu-58vp-c7bq	https://security.gentoo.org/glsa/202401-11	38.6.0
2026-06-04T19:10:08.804944+00:00	Gentoo Importer	Fixing	VCID-neqx-5sez-gyeg	https://security.gentoo.org/glsa/202401-11	38.6.0
2026-06-04T19:10:08.789627+00:00	Gentoo Importer	Fixing	VCID-n72n-a1pp-dqac	https://security.gentoo.org/glsa/202401-11	38.6.0