Описание
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| batik | fixed | 1.16+dfsg-1 | package |
Примечания
https://www.openwall.com/lists/oss-security/2022/10/25/3
https://issues.apache.org/jira/browse/BATIK-1345
http://svn.apache.org/viewvc?view=revision&revision=1904549
EPSS
Связанные уязвимости
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
Untrusted code execution in Apache XML Graphics Batik
Уязвимость библиотеки для работы с SVG-изображениями Apache Batik, связанная с недостаточной проверкой поступающих запросов, позволяющая нарушителю выполнить произвольный Java-код
EPSS