Posted by Kevin Schaller on Mar 22

XML External Entity (XXE) Injection Vulnerability in Apache Batik (Java
SVG Toolkit)
====================================================================================
Researcher: Kevin Schaller <kschaller () ernw de>

Description
===========
Batik is a Java-based toolkit for applications or applets that want to
use images in the
Scalable Vector Graphics (SVG) format for various purposes, such as
display, generation or
manipulation. [1]…