Known vulnerabilities in the org.apache.xmlgraphics:batik-script package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Server-side Request Forgery (SSRF) Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to insufficient checks in the `RhinoClassShutter.java` file. An attacker can craft a malicious SVG which can probe user profile / data and send it directly as parameter to a URL. How to fix Server-side Request Forgery (SSRF)? Upgrade `org.apache.xmlgraphics:batik-script` to version 1.17 or higher.	[1.0,1.17)
M Remote Code Execution (RCE) Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to allowing an attacker to run Java code from untrusted SVG via JavaScript. How to fix Remote Code Execution (RCE)? Upgrade `org.apache.xmlgraphics:batik-script` to version 1.16 or higher.	[,1.16)

Server-side Request Forgery (SSRF)

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to insufficient checks in the RhinoClassShutter.java file. An attacker can craft a malicious SVG which can probe user profile / data and send it directly as parameter to a URL.

How to fix Server-side Request Forgery (SSRF)?

Upgrade org.apache.xmlgraphics:batik-script to version 1.17 or higher.

[1.0,1.17)

Remote Code Execution (RCE)

Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to allowing an attacker to run Java code from untrusted SVG via JavaScript.

How to fix Remote Code Execution (RCE)?

Upgrade org.apache.xmlgraphics:batik-script to version 1.16 or higher.

[,1.16)

Go back to all versions of this package