Описание
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.10-2~18.04.1 |
| devel | needs-triage | |
| esm-apps/bionic | released | 1.10-2~18.04.1 |
| esm-apps/focal | released | 1.12-1ubuntu0.1 |
| esm-apps/jammy | released | 1.14-1ubuntu0.2 |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | released | 1.8-3ubuntu1+esm1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was released [1.7.ubuntu-8ubuntu2.14.04.3+esm1] |
| focal | released | 1.12-1ubuntu0.1 |
| jammy | released | 1.14-1ubuntu0.2 |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS3
Связанные уязвимости
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
A vulnerability in Batik of Apache XML Graphics allows an attacker to ...
Untrusted code execution in Apache XML Graphics Batik
Уязвимость библиотеки для работы с SVG-изображениями Apache Batik, связанная с недостаточной проверкой поступающих запросов, позволяющая нарушителю выполнить произвольный Java-код
EPSS
7.5 High
CVSS3