2 matches found
ai.tock:tock-shared (>=19.9.4 <=26.3.2), at.austriapro:ebinterface-rendering (>=1.0.0 <=1.0.1) +1501 more potentially affected by CVE-2022-44730 via org.apache.xmlgraphics:batik-script (>=1.10 <=1.16)
org.apache.xmlgraphics:batik-script MAVEN
version =1.10, =19.9.4, =1.0.0, =1.0.7, =0.2.1, =0.5.0, =0.11.1, =0.0.2, =0.0.1, =0.0.1, =25.6.0, =25.11.0 and more
Source CVEs: CVE-2022-44730
Source advisory: OSV:GHSA-2474-2566-3QXP...
Information Disclosure
batik-script is vulnerable to information disclosure. The vulnerability is due to the visibleToScripts function in RhinoClassShutter.java not restricting access to Batik internals from scripts, which allows an attacker to execute arbitrary code...