Description

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/10/25/2

https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf

https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html

https://security.gentoo.org/glsa/202401-11

https://www.debian.org/security/2022/dsa-5264

Related Vulnerabilities

CVE-2020-28503 Vulnerability in maven package org.webjars.npm:copy-props

CVE-2021-43306 Vulnerability in maven package org.webjars.bowergithub.jquery-validation:jquery-validation

CVE-2019-0188 Vulnerability in maven package org.apache.camel:camel-xmljson

CVE-2019-3795 Vulnerability in maven package org.springframework.security:spring-security-core

CVE-2020-1945 Vulnerability in maven package org.apache.ant:ant

Severity

High

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory