Description

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/10/25/2

https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf

https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html

https://security.gentoo.org/glsa/202401-11

https://www.debian.org/security/2022/dsa-5264

Related Vulnerabilities

CVE-2022-31175 Vulnerability in npm package @ckeditor/ckeditor5-html-embed

CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee9:jetty-ee9-servlets

CVE-2021-4245 Vulnerability in npm package rfc6902

CVE-2022-31172 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable

CVE-2020-11023 Vulnerability in maven package org.webjars.npm:jquery

Severity

High

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory