CVE-2022-42890
N/A
N/A
Summary
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache XML Graphics | Batik <= 1.15 | affected |
Weaknesses
- Remote code execution via batik scripting
ADP Enrichment
CVE Program Container
Additional References
- https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly
- http://www.openwall.com/lists/oss-security/2022/10/25/3
- https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html
- https://www.debian.org/security/2022/dsa-5264
- https://security.gentoo.org/glsa/202401-11
References
- https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly
- http://www.openwall.com/lists/oss-security/2022/10/25/3
- https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html
- https://www.debian.org/security/2022/dsa-5264
- https://security.gentoo.org/glsa/202401-11
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.