CVE-2022-38648: An SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources.
The Apache XML Graphics Batik library is an open source library licensed under the Apache License 2.0. It provides a bridge between the needs of designers and rendering specialists and the needs of content producers by providing a well-defined, structured XML language and a simple but powerful API for generating HTML5/CSS3/JS/PDF documents. Apache XML Graphics is best suited for creating interactive and dynamic documents that require high performance, scalability, and flexibility. It is widely used in corporate intranets, enterprise software, web applications, mobile apps, and other scenarios where a simple and fast XML-based language for generating HTML5/CSS3/JS/PDF documents is needed.
Overview of the Batik Library
The Batik library is a Java-based library that supports the creation of dynamic, interactive documents. It provides its users with an XML-based language which allows for the creation of HTML5, CSS3, and JS documents. The interface of the library is based on a very flexible grammar system that is designed to allow users to express their design needs as text in an XML file. Its API is powerful and straightforward, but not too complex for designers to use. The API also provides design flexibility by allowing users to group code into components that can be reused in different parts of the document or project.
With Batik, developers do not need to write nasty code or deal with complex interfaces, as they do with Flash or other tools. You can simply write your design requirements, as well as your code, in simple XML files. This saves you time and energy when designing and coding your web pages. With Batik you have access to several features including:
The Apache XML Graphics library and its components
The Apache XML Graphics library is an open source library licensed under the Apache License 2.0 and includes five separate components:
- Batik, an XSLT/XPath processing engine
- A PDF rendering engine
- A Flash rendering engine
- The XML Graphics Language Service Provider (GLSP)
- The XML Graphics Transformation Processor (GXP)
Overview of the Apache XML Graphics Library
Apache XML Graphics (Batik) is an open source library that provides a bridge between the needs of designers and rendering specialists and the needs of content producers by providing a well-defined, structured XML language and a simple but powerful API for generating HTML5/CSS3/JS/PDF documents. Apache XML Graphics is best suited for creating interactive and dynamic documents that require high performance, scalability, flexibility, and high-speed capabilities. It is widely used in corporate intranets, enterprise software, web applications, mobile apps, and other scenarios where a simple and fast language for document generation is needed. Batik has been deployed across many large enterprise websites, including those from Oracle Corporation (Oracle Intranet), Blue Cross Blue Shield Association (BCBS America), Barclays Bank plc (Barclays Intranet), HBO Asian Network Limited (HBO Asia network), Balfour Beatty plc (Balfour Beatty Intranet), RMS Ltd. (Royal Mail Intranet), and Guardian News & Media Ltd. (Guardian News & Media Intranet), to name just a few.
How to install Apache XML Graphics?
The Apache XML Graphics Batik library is a Java component. To install it, you must have at least one Java runtime on your system or be using the Oracle JVM. The following are the steps to download and install Apache XML Graphics:
1) Go to http://xmlgraphics.apache.org/batik/downloads.html and download the appropriate jar file for Version 2 (e.g., apache-xmlgraphics-2.12-bin.jar).
2) Double-click the jar file to extract its contents into a folder.
3) Copy the extracted folder somewhere else on your system, for example, c:\batik\
4) Open a command line window and change to the directory where you copied batik.
5) Run java -jar
Timeline
Published on: 09/22/2022 15:15:00 UTC
Last modified on: 09/23/2022 18:56:00 UTC