Description

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/10/25/2

https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf

https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html

https://security.gentoo.org/glsa/202401-11

https://www.debian.org/security/2022/dsa-5264

Related Vulnerabilities

CVE-2023-27495 Vulnerability in npm package @fastify/csrf-protection

CVE-2020-7679 Vulnerability in maven package org.webjars.bower:casperjs

CVE-2022-36882 Vulnerability in maven package org.jenkins-ci.plugins:git

CVE-2023-23936 Vulnerability in maven package org.webjars.npm:undici

CVE-2022-39353 Vulnerability in npm package xmldom

Severity

High

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory