Description

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/10/25/2

https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf

https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html

https://security.gentoo.org/glsa/202401-11

https://www.debian.org/security/2022/dsa-5264

Related Vulnerabilities

CVE-2023-49293 Vulnerability in npm package vite

CVE-2022-0436 Vulnerability in maven package org.webjars.npm:grunt

CVE-2022-37616 Vulnerability in maven package org.webjars.npm:xmldom

CVE-2020-7687 Vulnerability in npm package fast-http

CVE-2019-16775 Vulnerability in maven package org.webjars.npm:bin-links

Severity

High

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory