Description
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/10/25/2
https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html
https://security.gentoo.org/glsa/202401-11
https://www.debian.org/security/2022/dsa-5264
Related Vulnerabilities
CVE-2022-31175 Vulnerability in npm package @ckeditor/ckeditor5-html-embed
CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee9:jetty-ee9-servlets
CVE-2021-4245 Vulnerability in npm package rfc6902
CVE-2022-31172 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable
CVE-2020-11023 Vulnerability in maven package org.webjars.npm:jquery