CVE-2017-5662

Name of the Vulnerable Software and Affected Versions Apache Batik versions prior to 1.9

Description The issue allows arbitrary users to reveal files on the server's filesystem by sending maliciously formed SVG files. The types of files that can be accessed depend on the user context in which the application is running. If the application is running as root, it could lead to a full server compromise, including access to confidential or sensitive files. The issue can also be used to attack the server's availability through denial of service by triggering an amplification attack using XML document references.

Recommendations For Apache Batik versions prior to 1.9, update to version 1.9 or later to resolve the issue. As a temporary workaround, consider restricting the application's user context to minimize the risk of exploitation. Avoid processing maliciously formed SVG files until the issue is resolved.