VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-zxeg-w6n7-cbe3

Essentials
Severities (25)
References (17)
Severity details (23)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-zxeg-w6n7-cbe3
Aliases	CVE-2022-44729 GHSA-gq5f-xv48-2365
Summary	Apache XML Graphics Batik Server-Side Request Forgery vulnerability Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-918	Server-Side Request Forgery (SSRF)
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44729.json
epss	0.00119	https://api.first.org/data/v1/epss?cve=CVE-2022-44729
epss	0.00119	https://api.first.org/data/v1/epss?cve=CVE-2022-44729
cvssv3.1	7.1	https://github.com/apache/xmlgraphics-batik
generic_textual	HIGH	https://github.com/apache/xmlgraphics-batik
cvssv3.1	7.1	https://github.com/apache/xmlgraphics-batik/commit/85b3457d9902f64d5d409a8da060d5ba47d0b69b
generic_textual	HIGH	https://github.com/apache/xmlgraphics-batik/commit/85b3457d9902f64d5d409a8da060d5ba47d0b69b
cvssv3.1	7.1	https://github.com/apache/xmlgraphics-batik/commit/aaa1dd3e6b5a7df781d73e0c37a1df6a8f318893
generic_textual	HIGH	https://github.com/apache/xmlgraphics-batik/commit/aaa1dd3e6b5a7df781d73e0c37a1df6a8f318893
cvssv3.1	7.1	https://issues.apache.org/jira/browse/BATIK-1349
generic_textual	HIGH	https://issues.apache.org/jira/browse/BATIK-1349
cvssv3.1	7.1	https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2
generic_textual	HIGH	https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2
cvssv3.1	7.1	https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html
cvssv3.1	7.1	https://nvd.nist.gov/vuln/detail/CVE-2022-44729
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2022-44729
cvssv3.1	7.1	https://security.gentoo.org/glsa/202401-11
generic_textual	HIGH	https://security.gentoo.org/glsa/202401-11
cvssv3.1	7.1	https://xmlgraphics.apache.org/security.html
generic_textual	HIGH	https://xmlgraphics.apache.org/security.html
cvssv3.1	7.1	http://www.openwall.com/lists/oss-security/2023/08/22/2
generic_textual	HIGH	http://www.openwall.com/lists/oss-security/2023/08/22/2
cvssv3.1	7.1	http://www.openwall.com/lists/oss-security/2023/08/22/4
generic_textual	HIGH	http://www.openwall.com/lists/oss-security/2023/08/22/4

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44729.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-44729
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44729
		https://github.com/apache/xmlgraphics-batik
		https://github.com/apache/xmlgraphics-batik/commit/85b3457d9902f64d5d409a8da060d5ba47d0b69b
		https://github.com/apache/xmlgraphics-batik/commit/aaa1dd3e6b5a7df781d73e0c37a1df6a8f318893
		https://issues.apache.org/jira/browse/BATIK-1349
		https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2
		https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html
		https://security.gentoo.org/glsa/202401-11
		https://xmlgraphics.apache.org/security.html
		http://www.openwall.com/lists/oss-security/2023/08/22/2
		http://www.openwall.com/lists/oss-security/2023/08/22/4
2233889		https://bugzilla.redhat.com/show_bug.cgi?id=2233889
CVE-2022-44729		https://nvd.nist.gov/vuln/detail/CVE-2022-44729
GHSA-gq5f-xv48-2365		https://github.com/advisories/GHSA-gq5f-xv48-2365
RHSA-2023:5441		https://access.redhat.com/errata/RHSA-2023:5441

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44729.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Found at https://github.com/apache/xmlgraphics-batik

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Found at https://github.com/apache/xmlgraphics-batik/commit/85b3457d9902f64d5d409a8da060d5ba47d0b69b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Found at https://github.com/apache/xmlgraphics-batik/commit/aaa1dd3e6b5a7df781d73e0c37a1df6a8f318893

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Found at https://issues.apache.org/jira/browse/BATIK-1349

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Found at https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-44729

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Found at https://security.gentoo.org/glsa/202401-11

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Found at https://xmlgraphics.apache.org/security.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2023/08/22/2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2023/08/22/4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.30356
EPSS Score	0.00119
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:45:37.401916+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.xmlgraphics/batik-bridge/CVE-2022-44729.yml	38.6.0