CVE-2020-11987: The Apache™ XML Graphics Project
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
The Apache™ XML Graphics Project - Security
Published Vulnerabilities
The Apache™ XML Graphics Project has collected the security-related information for all of its sub-projects on this page.
Apache™ Batik Project - Apache Batik Security
Fixed in Batik 1.14
medium: SSRF vulnerability CVE-2020-11987
Issue Public: 2021-02-24
Update Released: 2021-01-20 (Batik 1.14)
Affects: 1.13 and earlier
Fixed in Batik 1.13
medium: SSRF vulnerability CVE-2019-17566
Issue Public: 2020-06-15
Update Released: 2020-05-13 (Batik 1.13)
Affects: 1.12 and earlier
Fixed in Batik 1.10
medium: Deserialization vulnerability CVE-2018-8013
Issue Public: 2018-05-23
Update Released: 2018-05-23 (Batik 1.10)
Affects: 1.9.1 and earlier
Fixed in Batik 1.9
medium: XXE vulnerability CVE-2017-5662
Issue Public: 2017-04-18
Update Released: 2017-04-10 (Batik 1.9)
Affects: 1.8 and earlier
Fixed in Batik 1.8, 1.7.1 and 1.6.1
medium: XXE vulnerability CVE-2015-0250
Issue Public: 2012-07-25
Update Released: 2015-03-17 (Batik 1.8) and 2015-05-10 (Batik 1.7.1 and 1.6.1)
Affects: 1.7, 1.6 and earlier
Apache™ FOP Project - Apache FOP Security
Fixed in FOP 2.2
medium: XXE vulnerability CVE-2017-5661
Issue Public: 2017-04-18
Update Released: 2017-04-10 (FOP 2.2)
Affects: 2.1 and earlier
Apache™ XML Graphics Commons Project - Apache XML Graphics Commons Security
Fixed in Commons 2.6
medium: XXE vulnerability CVE-2020-11988
Issue Public: 2021-02-24
Update Released: 2021-01-20 (Commons 2.6)
Affects: 2.4 and earlier
Reporting New Security Problems with the Apache XML Graphics Sub-Projects
Please report problems to the private security mailing list of the ASF Security Team before disclosing them in a public forum. See the ASF Security Team page for further information and contact details.
IMPORTANT
- The ASF Security Team cannot accept regular bug reports or other queries. We ask that you use our bug reporting page for those.
- All mail sent to the Security Team that does not relate to security problems in Apache software will be ignored.
VERY IMPORTANT
- Do not submit security reports regarding vulnerabilities to our bug reporting system. This may inadvertently publicize the security vulnerability. Instead follow the steps on the ASF Security Page.
Security Standards
Apache XML Graphics Project vulnerabilities are labeled with CVE (Common Vulnerabilities and Exposures) identifiers.