Lucene search

K
githubGitHub Advisory DatabaseGHSA-RWQR-M72Q-V6CM
HistoryOct 25, 2022 - 7:00 p.m.

Untrusted code execution in Apache XML Graphics Batik

2022-10-2519:00:29
CWE-918
GitHub Advisory Database
github.com
17
apache xml graphics
batik
untrusted code execution
vulnerability
upgrade
javascript
svg

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.009

Percentile

83.1%

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

Affected configurations

Vulners
Node
org.apache.xmlgraphicsbatikRange<1.16
VendorProductVersionCPE
org.apache.xmlgraphicsbatik*cpe:2.3:a:org.apache.xmlgraphics:batik:*:*:*:*:*:*:*:*

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.009

Percentile

83.1%