Max CVSS 7.9 Min CVSS 7.5 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2018-8013 7.5
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before
07-01-2024 - 11:15 24-05-2018 - 16:29
CVE-2017-5662 7.9
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable ap
20-10-2020 - 22:15 18-04-2017 - 14:59
Back to Top Mark selected
Back to Top