Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
https://www.tenable.com/blog/oracle-october-2022-critical-patch-update-addresses-179-cves
https://xmlgraphics.apache.org/security.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://security.gentoo.org/glsa/202401-11
https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html