Description
A vulnerability in Batik, part of Apache XML Graphics, allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. Updating to version 1.16 is recommended.
Remediation
References
https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
http://www.openwall.com/lists/oss-security/2022/10/25/2
https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html
https://www.debian.org/security/2022/dsa-5264
https://security.gentoo.org/glsa/202401-11