GHSA-r29w-r9ph-vm76
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r29w-r9ph-vm76
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-r29w-r9ph-vm76/GHSA-r29w-r9ph-vm76.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-r29w-r9ph-vm76
- Aliases
- Published
- 2022-10-25T19:00:29Z
- Modified
- 2024-02-16T08:05:00.323915Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Apache XML Graphics Batik vulnerable to code execution via SVG.
- Details
-
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
- Database specific
{ "nvd_published_at": "2022-10-25T17:15:00Z", "cwe_ids": [ "CWE-918" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-10-25T23:10:27Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-41704
- https://github.com/apache/xmlgraphics-batik/commit/905f368b50c2567cf2c4869a0ab596a7b1b5125c
- https://issues.apache.org/jira/browse/BATIK-1338
- https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
- https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html
- https://security.gentoo.org/glsa/202401-11
- https://www.debian.org/security/2022/dsa-5264
- https://xmlgraphics.apache.org/security.html
- http://svn.apache.org/repos/asf/xmlgraphics/batik/trunk
- http://www.openwall.com/lists/oss-security/2022/10/25/2
Affected packages
Maven / org.apache.xmlgraphics:batik
Package
- Name
- org.apache.xmlgraphics:batik
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.xmlgraphics/batik