Description
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/10/25/3
https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly
https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html
https://security.gentoo.org/glsa/202401-11
https://www.debian.org/security/2022/dsa-5264
Related Vulnerabilities
CVE-2021-39239 Vulnerability in maven package org.apache.jena:jena-core
CVE-2019-0188 Vulnerability in maven package org.apache.camel:camel-xmljson
CVE-2023-27095 Vulnerability in maven package cn.hippo4j:hippo4j-core
CVE-2018-1000136 Vulnerability in npm package electron
CVE-2021-23384 Vulnerability in npm package koa-remove-trailing-slashes