GSA_kwCzR0hTQS1oNHFnLXA3cjItY3BnM84AAvAC

High EPSS: 0.43606% (0.97361 Percentile) EPSS:

Permalink JSON

Apache Batik vulnerable to Server-Side Request Forgery

Affected Packages	Affected Versions	Fixed Versions
maven:org.apache.xmlgraphics:batik	>= 1.0, < 1.15	1.15
0 Dependent packages 6 Dependent repositories Affected Version Ranges All affected versions 1.9.1 All unaffected versions

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-40146
https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx
https://issues.apache.org/jira/browse/BATIK-1335
https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html
https://security.gentoo.org/glsa/202401-11
https://lists.debian.org/debian-lts-announce/2025/07/msg00006.html
https://github.com/advisories/GHSA-h4qg-p7r2-cpg3

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

GSA_kwCzR0hTQS1oNHFnLXA3cjItY3BnM84AAvAC

Apache Batik vulnerable to Server-Side Request Forgery

Affected Version Ranges

All affected versions

All unaffected versions

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Date and time

Published

Updated

API