VulnerableCode Package Details - pkg:maven/org.apache.xmlgraphics/batik@1.13

Search for packages

Vulnerability	Summary	Fixed by
VCID-37s5-46dd-5fgm Aliases: CVE-2022-38648 GHSA-53jm-3hc9-fqqc	Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.	1.15 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-hmf4-tru4-x7aj Aliases: CVE-2022-42890 GHSA-rwqr-m72q-v6cm	A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.	1.16 Affected by 0 other vulnerabilities.
VCID-kmrp-p4uh-27dm Aliases: CVE-2022-40146 GHSA-h4qg-p7r2-cpg3	Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.	1.15 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-37s5-46dd-5fgm
Aliases:
CVE-2022-38648
GHSA-53jm-3hc9-fqqc

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.

1.15
Affected by 1 other vulnerability.

VCID-hmf4-tru4-x7aj
Aliases:
CVE-2022-42890
GHSA-rwqr-m72q-v6cm

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

1.16
Affected by 0 other vulnerabilities.

VCID-kmrp-p4uh-27dm
Aliases:
CVE-2022-40146
GHSA-h4qg-p7r2-cpg3

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

1.15
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-neqx-5sez-gyeg	Server-Side Request Forgery (SSRF) Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.	CVE-2019-17566 GHSA-cmx4-p4v5-hmr5

Vulnerability

Summary

Aliases

VCID-neqx-5sez-gyeg

Server-Side Request Forgery (SSRF) Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

CVE-2019-17566
GHSA-cmx4-p4v5-hmr5

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T03:07:57.151625+00:00	GitLab Importer	Affected by	VCID-hmf4-tru4-x7aj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.xmlgraphics/batik/CVE-2022-42890.yml	38.6.0
2026-06-06T02:59:30.619359+00:00	GitLab Importer	Affected by	VCID-kmrp-p4uh-27dm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.xmlgraphics/batik/CVE-2022-40146.yml	38.6.0
2026-06-06T02:58:44.014222+00:00	GitLab Importer	Affected by	VCID-37s5-46dd-5fgm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.xmlgraphics/batik/CVE-2022-38648.yml	38.6.0
2026-06-05T21:18:02.749174+00:00	GHSA Importer	Fixing	VCID-neqx-5sez-gyeg	https://github.com/advisories/GHSA-cmx4-p4v5-hmr5	38.6.0
2026-06-04T17:50:54.485484+00:00	GithubOSV Importer	Fixing	VCID-neqx-5sez-gyeg	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-cmx4-p4v5-hmr5/GHSA-cmx4-p4v5-hmr5.json	38.6.0
2026-06-02T04:41:16.538456+00:00	GitLab Importer	Fixing	VCID-neqx-5sez-gyeg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.xmlgraphics/batik/CVE-2019-17566.yml	38.6.0