CVE-2022-42890 Vulnerability in maven package org.apache.xmlgraphics:batik-script

Description

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/10/25/3

https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly

https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html

https://security.gentoo.org/glsa/202401-11

https://www.debian.org/security/2022/dsa-5264

Related Vulnerabilities

CVE-2023-50775 Vulnerability in maven package org.jenkins-ci.plugins:ec2-deployment-dashboard

CVE-2023-26133 Vulnerability in npm package progressbar.js

CVE-2020-13956 Vulnerability in maven package org.apache.httpcomponents.client5:httpclient5

CVE-2020-7707 Vulnerability in npm package property-expr

CVE-2021-23373 Vulnerability in npm package set-deep-prop

Severity

High

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N