CVE-2022-41704

Summary

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache XML GraphicsBatik <= 1.15affected

Weaknesses

  • A jar file can be loaded from svg script element

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References