Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1yd3FyLW03MnEtdjZjbc4AAvib

Untrusted code execution in Apache XML Graphics Batik

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

Permalink: https://github.com/advisories/GHSA-rwqr-m72q-v6cm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yd3FyLW03MnEtdjZjbc4AAvib
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: 4 months ago

CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-rwqr-m72q-v6cm, CVE-2022-42890
References:

Repository: https://github.com/apache/xmlgraphics-batik
Blast Radius: 5.8

Affected Packages

maven:org.apache.xmlgraphics:batik

Dependent packages: 0
Dependent repositories: 6
Downloads:
Affected Version Ranges: < 1.16
Fixed in: 1.16
All affected versions: 1.9.1
All unaffected versions: