A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
References
| Link | Resource |
|---|---|
| http://www.openwall.com/lists/oss-security/2022/10/25/3 | Mailing List Third Party Advisory |
| https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly | Vendor Advisory |
| https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html | Mailing List Third Party Advisory |
| https://security.gentoo.org/glsa/202401-11 | |
| https://www.debian.org/security/2022/dsa-5264 | Third Party Advisory |
Configurations
History
30 Oct 2022, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
29 Oct 2022, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
28 Oct 2022, 18:19
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| CWE | CWE-918 | |
| CPE | cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:* | |
| References | (MISC) https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly - Vendor Advisory | |
| References | (MLIST) http://www.openwall.com/lists/oss-security/2022/10/25/3 - Mailing List, Third Party Advisory |
25 Oct 2022, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-10-25 17:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-42890
Mitre link : CVE-2022-42890
CVE.ORG link : CVE-2022-42890
JSON object : View
Products Affected
debian
- debian_linux
apache
- batik
CWE
CWE-918
Server-Side Request Forgery (SSRF)