Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1yMjl3LXI5cGgtdm03Ns4AAvic

Apache XML Graphics Batik vulnerable to code execution via SVG.

A vulnerability in Apache XML Graphics Batik allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics Batik versions prior to 1.16. Updating to version 1.16 is recommended.

Permalink: https://github.com/advisories/GHSA-r29w-r9ph-vm76
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yMjl3LXI5cGgtdm03Ns4AAvic
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: 4 months ago

CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-r29w-r9ph-vm76, CVE-2022-41704
References: Repository: https://github.com/apache/xmlgraphics-batik
Blast Radius: 5.8

Affected Packages

maven:org.apache.xmlgraphics:batik
Dependent packages: 0
Dependent repositories: 6
Downloads:
Affected Version Ranges: < 1.16
Fixed in: 1.16
All affected versions: 1.9.1
All unaffected versions: