# Apache Batik SSRF to RCE Jar Exploit
www.zerodayinitiative.com
Quick video demonstrating:
PoC contains:
- SSRF
- RCE via jar
- RCE via ECMAScript
Zero Day Initiative — Vulnerabilities in Apache Batik Default Security Controls – SSRF and RCE Through Remote Class Loading
Introduction: I stumbled upon the Apache Batik library while researching other Java-based products. It immediately caught my attention, as this library parses Scalable Vector Graphics (SVG) files and transforms them into different raster graphics formats (i.e., PNG, PDF, or JPEG). I was even more e