Vulnerability Database

320,116

Total vulnerabilities in the database

CVE-2022-44730

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.

A malicious SVG can probe user profile / data and send it directly as parameter to a URL.

Published: Aug 22, 2023
Updated: Nov 16, 2025
CVE: CVE-2022-44730
GHSA: GHSA-2474-2566-3qxp
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.4
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
org.apache.xmlgraphics / batik-script	1.0	1.17
apache / xml_graphics_batik	1.0	1.16.x
debian / debian_linux	10.0	10.0.x

http://www.openwall.com/lists/oss-security/2023/08/22/3
http://www.openwall.com/lists/oss-security/2023/08/22/5
https://github.com/apache/xmlgraphics-batik/commit/64658ccda90deaf6bf5f5b4d4a2ec365fe648bfa
https://github.com/apache/xmlgraphics-batik/commit/f9ae69233eadfbd392a4a08a55618f97343b467c
https://issues.apache.org/jira/browse/BATIK-1347
https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0
https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html
https://security.gentoo.org/glsa/202401-11
https://xmlgraphics.apache.org/security.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo