Описание
In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1.10-1 |
| cosmic | not-affected | 1.10-1 |
| devel | not-affected | 1.10-1 |
| disco | not-affected | 1.10-1 |
| eoan | not-affected | 1.10-1 |
| esm-apps/bionic | not-affected | 1.10-1 |
| esm-apps/focal | not-affected | 1.10-1 |
| esm-apps/jammy | not-affected | 1.10-1 |
| esm-apps/noble | not-affected | 1.10-1 |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.
In Apache Batik 1.x before 1.10, when deserializing subclass of `Abstr ...
Deserialization of Untrusted Data in Apache Batik
Уязвимость библиотеки для работы с SVG-изображениями Apache Batik, связанная с восстановлением в памяти недостоверной структуры данных, позволяющая нарушителю получить доступ к защищаемым данным или вызвать отказ в обслуживании
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3