CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
81.6%
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
svn.apache.org/repos/asf/xmlgraphics/batik/trunk
www.openwall.com/lists/oss-security/2022/10/25/2
github.com/apache/xmlgraphics-batik/commit/905f368b50c2567cf2c4869a0ab596a7b1b5125c
issues.apache.org/jira/browse/BATIK-1338
lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
lists.debian.org/debian-lts-announce/2022/10/msg00038.html
nvd.nist.gov/vuln/detail/CVE-2022-41704
security.gentoo.org/glsa/202401-11
www.debian.org/security/2022/dsa-5264
xmlgraphics.apache.org/security.html