CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Percentile: 83.1%
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
Vendor | Product | Version | CPE |
---|---|---|---|
org.apache.xmlgraphics | batik | * | cpe:2.3:a:org.apache.xmlgraphics:batik:*:*:*:*:*:*:*:* |
www.openwall.com/lists/oss-security/2022/10/25/3
github.com/advisories/GHSA-rwqr-m72q-v6cm
github.com/apache/xmlgraphics-batik/commit/401aa8595f52d085d40ff5b6b4ac0dd372423082
github.com/apache/xmlgraphics-batik/commit/52f7a1ad6e3110ec295a35ffc94410eef085707a
github.com/apache/xmlgraphics-batik/commit/eada57c716a2757579d53017f8b2aeadaad20edd
issues.apache.org/jira/browse/BATIK-1345
lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly
lists.debian.org/debian-lts-announce/2022/10/msg00038.html
nvd.nist.gov/vuln/detail/CVE-2022-42890
security.gentoo.org/glsa/202401-11
www.debian.org/security/2022/dsa-5264
xmlgraphics.apache.org/security.html