A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
References
| Link | Resource |
|---|---|
| http://www.openwall.com/lists/oss-security/2022/10/25/2 | Mailing List Third Party Advisory |
| https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf | Vendor Advisory |
| https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html | Mailing List Third Party Advisory |
| https://security.gentoo.org/glsa/202401-11 | |
| https://www.debian.org/security/2022/dsa-5264 | Third Party Advisory |
Configurations
History
30 Oct 2022, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
29 Oct 2022, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
28 Oct 2022, 18:20
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MLIST) http://www.openwall.com/lists/oss-security/2022/10/25/2 - Mailing List, Third Party Advisory | |
| References | (MISC) https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf - Vendor Advisory | |
| CWE | CWE-918 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| CPE | cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:* |
25 Oct 2022, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-10-25 17:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-41704
Mitre link : CVE-2022-41704
CVE.ORG link : CVE-2022-41704
JSON object : View
Products Affected
debian
- debian_linux
apache
- batik
CWE
CWE-918
Server-Side Request Forgery (SSRF)