cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-44729,https://securityvulnerability.io/vulnerability/CVE-2022-44729,Apache XML Graphics Batik: Information disclosure vulnerability,"A Server-Side Request Forgery (SSRF) vulnerability exists in version 1.16 of Apache XML Graphics Batik. This flaw can be exploited when a malicious SVG file causes the application to load external resources by default. This behavior may lead to excessive resource consumption and can result in unauthorized information disclosure. To safeguard against these risks, users are advised to upgrade to version 1.17 or a later version.",Apache,Apache Xml Graphics Batik,7.1,HIGH,0.0010499999625608325,false,,false,false,false,,,false,false,,2023-08-22T19:16:00.000Z,0
CVE-2022-44730,https://securityvulnerability.io/vulnerability/CVE-2022-44730,Apache XML Graphics Batik: Information disclosure vulnerability,"Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL.",Apache,Apache Xml Graphics Batik,4.4,MEDIUM,0.001290000043809414,false,,false,false,false,,,false,false,,2023-08-22T19:16:00.000Z,0
CVE-2020-11987,https://securityvulnerability.io/vulnerability/CVE-2020-11987,,"Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",Apache,Apache Batik,8.2,HIGH,0.0011699999449774623,false,,false,false,false,,,false,false,,2021-02-24T00:00:00.000Z,0
CVE-2019-17566,https://securityvulnerability.io/vulnerability/CVE-2019-17566,,"Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the ""xlink:href"" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",Apache,Apache Batik,7.5,HIGH,0.0024399999529123306,false,,false,false,false,,,false,false,,2020-11-12T18:15:00.000Z,0
CVE-2018-8013,https://securityvulnerability.io/vulnerability/CVE-2018-8013,,"In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of the class. The fix was to check the class type before calling newInstance in deserialization.",Apache,Apache Batik,9.8,CRITICAL,0.007069999817758799,false,,false,false,false,,,false,false,,2018-05-24T16:29:00.000Z,0
CVE-2017-5662,https://securityvulnerability.io/vulnerability/CVE-2017-5662,,"In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.",Apache,Apache Batik,7.3,HIGH,0.0029899999499320984,false,,false,false,false,,,false,false,,2017-04-18T14:00:00.000Z,0