Homepage

org.apache.xmlgraphics:batik-script@1.9.1 vulnerabilities

  • latest version

    1.18

  • latest non vulnerable version

    1.18

  • first published

    17 years ago

  • latest version published

    3 months ago

  • licenses detected

  • package manager

    View on Maven Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the org.apache.xmlgraphics:batik-script package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Server-side Request Forgery (SSRF)

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to insufficient checks in the RhinoClassShutter.java file. An attacker can craft a malicious SVG which can probe user profile / data and send it directly as parameter to a URL.

    How to fix Server-side Request Forgery (SSRF)?

    Upgrade org.apache.xmlgraphics:batik-script to version 1.17 or higher.

    [1.0,1.17)
    • M
    Remote Code Execution (RCE)

    Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to allowing an attacker to run Java code from untrusted SVG via JavaScript.

    How to fix Remote Code Execution (RCE)?

    Upgrade org.apache.xmlgraphics:batik-script to version 1.16 or higher.

    [,1.16)
    Go back to all versions of this package