The Apache™ XML Graphics Project - Security
Published Vulnerabilities
The Apache™ XML Graphics Project has collected its Security related information for all of its sub-projects to this page.
Apache™ Batik Project - Apache Batik Security
Fixed in Batik 1.17
medium: SSRF vulnerability CVE-2022-44729
Issue Public: 2023-08-22
Update Released: 2023-08-22 (Batik 1.17)
Fixed in Batik 1.17
medium: SSRF vulnerability CVE-2022-44730
Issue Public: 2023-08-22
Update Released: 2023-08-22 (Batik 1.17)
Fixed in Batik 1.16
medium: SSRF vulnerability CVE-2022-42890
Issue Public: 2022-10-25
Update Released: 2022-10-25 (Batik 1.16)
Fixed in Batik 1.16
medium: SSRF vulnerability CVE-2022-41704
Issue Public: 2022-10-25
Update Released: 2022-10-25 (Batik 1.16)
Fixed in Batik 1.15
medium: SSRF vulnerability CVE-2022-38398
Issue Public: 2022-09-22
Update Released: 2022-09-22 (Batik 1.15)
Fixed in Batik 1.15
medium: SSRF vulnerability CVE-2022-38648
Issue Public: 2022-09-22
Update Released: 2022-09-22 (Batik 1.15)
Fixed in Batik 1.15
medium: SSRF vulnerability CVE-2022-40146
Issue Public: 2022-09-22
Update Released: 2022-09-22 (Batik 1.15)
Fixed in Batik 1.14
medium: SSRF vulnerability CVE-2020-11987
Issue Public: 2021-02-24
Update Released: 2021-01-20 (Batik 1.14)
Affects: 1.13 and earlier
Fixed in Batik 1.13
medium: SSRF vulnerability CVE-2019-17566
Issue Public: 2020-06-15
Update Released: 2020-05-13 (Batik 1.13)
Affects: 1.12 and earlier
Fixed in Batik 1.10
medium: Deserialization vulnerability CVE-2018-8013
Issue Public: 2018-05-23
Update Released: 2018-05-23 (Batik 1.10)
Affects: 1.9.1 and earlier
Fixed in Batik 1.9
medium: XXE vulnerability CVE-2017-5662
Issue Public: 2017-04-18
Update Released: 2017-04-10 (Batik 1.9)
Affects: 1.8 and earlier
Fixed in Batik 1.8, 1.7.1 and 1.6.1
medium: XXE vulnerability CVE-2015-0250
Issue Public: 2012-07-25
Update Released: 2015-03-17 (Batik 1.8) and 2015-05-10 (Batik 1.7.1 and 1.6.1)
Affects: 1.7, 1.6 and earlier
Apache™ FOP Project - Apache FOP Security
Fixed in FOP 2.10
medium: XXE vulnerability CVE-2024-28168
Issue Public: 2024-10-9
Update Released: 2024-10-9 (FOP 2.10)
Fixed in FOP 2.2
medium: XXE vulnerability CVE-2017-5661
Issue Public: 2017-04-18
Update Released: 2017-04-10 (FOP 2.2)
Affects: 2.1 and earlier
Apache™ XML Graphics Commons Project - Apache XML Graphics Commons Security
Fixed in Commons 2.6
medium: XXE vulnerability CVE-2020-11988
Issue Public: 2021-02-24
Update Released: 2021-01-20 (Commons 2.6)
Affects: 2.4 and earlier
Reporting New Security Problems with the Apache XML Graphics Sub Projects
Please report problems to the private security mailing list of the ASF Security Team, before disclosing them in a public forum. See the page of the ASF Security Team for further information and contact information.
IMPORTANT
- The ASF Security Team cannot accept regular bug reports or other queries. We ask that you use our bug reporting page for those.
- All mail sent to the Security Team that does not relate to security problems in Apache software will be ignored.
VERY IMPORTANT
- Do not submit security reports regarding vulnerabilities to our bug reporting system. This may inadvertently publicize the security vulnerability. Instead follow the steps on the ASF Security Page.
Security Standards
Apache XML Graphics Project vulnerabilities are labeled with CVE (Common Vulnerabilities and Exposures) identifiers.