Lucene search

K
cveApacheCVE-2022-42890
HistoryOct 25, 2022 - 5:15 p.m.

CVE-2022-42890

2022-10-2517:15:57
CWE-918
apache
web.nvd.nist.gov
130
6
vulnerability
batik
apache xml graphics
cve-2022-42890
java code
untrusted svg
javascript
upgrade
nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.009

Percentile

83.1%

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

Affected configurations

Nvd
Vulners
Node
apachebatikRange1.0–1.16
Node
debiandebian_linuxMatch10.0
OR
debiandebian_linuxMatch11.0
VendorProductVersionCPE
apachebatik*cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Apache Software Foundation",
    "product": "Apache XML Graphics",
    "versions": [
      {
        "version": "Batik",
        "status": "affected",
        "lessThanOrEqual": "1.15",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.009

Percentile

83.1%