The Apache™ XML Graphics Project - Security

Published Vulnerabilities

The Apache™ XML Graphics Project has collected its Security related information for all of its sub-projects to this page.

Apache™ Batik Project - Apache Batik Security

Fixed in Batik 1.17

medium: SSRF vulnerability CVE-2022-44729

Issue Public: 2023年08月22日

Update Released: 2023年08月22日 (Batik 1.17)

Fixed in Batik 1.17

medium: SSRF vulnerability CVE-2022-44730

Issue Public: 2023年08月22日

Update Released: 2023年08月22日 (Batik 1.17)

Fixed in Batik 1.16

medium: SSRF vulnerability CVE-2022-42890

Issue Public: 2022年10月25日

Update Released: 2022年10月25日 (Batik 1.16)

Fixed in Batik 1.16

medium: SSRF vulnerability CVE-2022-41704

Issue Public: 2022年10月25日

Update Released: 2022年10月25日 (Batik 1.16)

Fixed in Batik 1.15

medium: SSRF vulnerability CVE-2022-38398

Issue Public: 2022年09月22日

Update Released: 2022年09月22日 (Batik 1.15)

Fixed in Batik 1.15

medium: SSRF vulnerability CVE-2022-38648

Issue Public: 2022年09月22日

Update Released: 2022年09月22日 (Batik 1.15)

Fixed in Batik 1.15

medium: SSRF vulnerability CVE-2022-40146

Issue Public: 2022年09月22日

Update Released: 2022年09月22日 (Batik 1.15)

Fixed in Batik 1.14

medium: SSRF vulnerability CVE-2020-11987

Issue Public: 2021年02月24日

Update Released: 2021年01月20日 (Batik 1.14)

Affects: 1.13 and earlier

Fixed in Batik 1.13

medium: SSRF vulnerability CVE-2019-17566

Issue Public: 2020年06月15日

Update Released: 2020年05月13日 (Batik 1.13)

Affects: 1.12 and earlier

Fixed in Batik 1.10

medium: Deserialization vulnerability CVE-2018-8013

Issue Public: 2018年05月23日

Update Released: 2018年05月23日 (Batik 1.10)

Affects: 1.9.1 and earlier

Fixed in Batik 1.9

medium: XXE vulnerability CVE-2017-5662

Issue Public: 2017年04月18日

Update Released: 2017年04月10日 (Batik 1.9)

Affects: 1.8 and earlier

Fixed in Batik 1.8, 1.7.1 and 1.6.1

medium: XXE vulnerability CVE-2015-0250

Issue Public: 2012年07月25日

Update Released: 2015年03月17日 (Batik 1.8) and 2015年05月10日 (Batik 1.7.1 and 1.6.1)

Affects: 1.7, 1.6 and earlier

Apache™ FOP Project - Apache FOP Security

Fixed in FOP 2.10

medium: XXE vulnerability CVE-2024-28168

Issue Public: 2024年10月9日

Update Released: 2024年10月9日 (FOP 2.10)

Fixed in FOP 2.2

medium: XXE vulnerability CVE-2017-5661

Issue Public: 2017年04月18日

Update Released: 2017年04月10日 (FOP 2.2)

Affects: 2.1 and earlier

Apache™ XML Graphics Commons Project - Apache XML Graphics Commons Security

Fixed in Commons 2.6

medium: XXE vulnerability CVE-2020-11988

Issue Public: 2021年02月24日

Update Released: 2021年01月20日 (Commons 2.6)

Affects: 2.4 and earlier

Reporting New Security Problems with the Apache XML Graphics Sub Projects

Please report problems to the private security mailing list of the ASF Security Team, before disclosing them in a public forum. See the page of the ASF Security Team for further information and contact information.

IMPORTANT

• The ASF Security Team cannot accept regular bug reports or other queries. We ask that you use our bug reporting page for those.
• All mail sent to the Security Team that does not relate to security problems in Apache software will be ignored.

VERY IMPORTANT

• Do not submit security reports regarding vulnerabilities to our bug reporting system. This may inadvertently publicize the security vulnerability. Instead follow the steps on the ASF Security Page.

Security Standards

Apache XML Graphics Project vulnerabilities are labeled with CVE (Common Vulnerabilities and Exposures) identifiers.

Copyright © 2025 The Apache Software Foundation, Licensed under the Apache License, Version 2.0.
Apache, Apache XML Graphics, Apache FOP, Apache Batik, the Apache logo, and the Apache XML Graphics logos are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.