CVE-2022-42890

Summary

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache XML GraphicsBatik <= 1.15affected

Weaknesses

  • Remote code execution via batik scripting

ADP Enrichment

CVE Program Container

Additional References

References