Description
A vulnerability in the Batik component of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics versions prior to 1.16. Updating to version 1.16 is recommended.
Remediation
References
https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
http://www.openwall.com/lists/oss-security/2022/10/25/2
https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html
https://www.debian.org/security/2022/dsa-5264
https://security.gentoo.org/glsa/202401-11
Related Vulnerabilities
CVE-2019-10285 Vulnerability in maven package org.jenkins-ci.plugins:minio-storage
CVE-2011-2092 Vulnerability in maven package com.adobe.blazeds:blazeds-core
CVE-2023-37945 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp
CVE-2017-12624 Vulnerability in maven package org.apache.cxf:cxf-rt-frontend-jaxrs
CVE-2022-43421 Vulnerability in maven package org.jenkins-ci.plugins:tuleap-git-branch-source