CVE-2015-0250: XML external entity vulnerability

March 24, 2015 (updated November 3, 2017)

XML external entity (XXE) vulnerability in the SVG to PNG and JPG conversion classes in this package allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

References

www.insinuator.net/2015/03/xxe-injection-in-apache-batik-library-cve-2015-0250/
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0250
www.ernw.de/download/apache_batik_xxe_advisory.txt

Code Behaviors & Features

Detect and mitigate CVE-2015-0250 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →