Описание
Untrusted code execution in Apache XML Graphics Batik
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-42890
- https://github.com/apache/xmlgraphics-batik/commit/401aa8595f52d085d40ff5b6b4ac0dd372423082
- https://github.com/apache/xmlgraphics-batik/commit/52f7a1ad6e3110ec295a35ffc94410eef085707a
- https://github.com/apache/xmlgraphics-batik/commit/eada57c716a2757579d53017f8b2aeadaad20edd
- https://issues.apache.org/jira/browse/BATIK-1345
- https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly
- https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html
- https://security.gentoo.org/glsa/202401-11
- https://www.debian.org/security/2022/dsa-5264
- https://xmlgraphics.apache.org/security.html
- http://svn.apache.org/repos/asf/xmlgraphics/batik/trunk
- http://www.openwall.com/lists/oss-security/2022/10/25/3
Пакеты
org.apache.xmlgraphics:batik
< 1.16
1.16
org.apache.xmlgraphics:batik-bridge
< 1.16
1.16
Связанные уязвимости
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
A vulnerability in Batik of Apache XML Graphics allows an attacker to ...
Уязвимость библиотеки для работы с SVG-изображениями Apache Batik, связанная с недостаточной проверкой поступающих запросов, позволяющая нарушителю выполнить произвольный Java-код