Description
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/10/25/2
https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html
https://security.gentoo.org/glsa/202401-11
https://www.debian.org/security/2022/dsa-5264
Related Vulnerabilities
CVE-2020-1958 Vulnerability in maven package org.apache.druid.extensions:druid-basic-security
CVE-2023-40344 Vulnerability in maven package org.jenkins-ci.plugins:delphix
CVE-2022-27200 Vulnerability in maven package io.jenkins.plugins:folder-auth
CVE-2021-37305 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base
CVE-2022-31129 Vulnerability in maven package org.webjars.bower:momentjs