Описание
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Decision Manager 7 | batik | Out of support scope | ||
| Red Hat Integration Camel K 1 | batik | Will not fix | ||
| Red Hat Integration Camel Quarkus 2 | batik | Will not fix | ||
| Red Hat JBoss Data Grid 7 | batik | Out of support scope | ||
| Red Hat Process Automation 7 | batik | Out of support scope | ||
| Red Hat Fuse 7.12 | batik | Fixed | RHSA-2023:3954 | 29.06.2023 |
| RHINT Camel-Springboot 3.20.1 | batik | Fixed | RHSA-2023:2100 | 03.05.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
A vulnerability in Batik of Apache XML Graphics allows an attacker to ...
Untrusted code execution in Apache XML Graphics Batik
Уязвимость библиотеки для работы с SVG-изображениями Apache Batik, связанная с недостаточной проверкой поступающих запросов, позволяющая нарушителю выполнить произвольный Java-код
EPSS
7.5 High
CVSS3