A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
References
| Link | Resource |
|---|---|
| http://www.openwall.com/lists/oss-security/2022/10/25/3 | Mailing List, Third Party Advisory |
| https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly | Vendor Advisory |
| https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html | Mailing List, Third Party Advisory |
| https://security.gentoo.org/glsa/202401-11 | |
| https://www.debian.org/security/2022/dsa-5264 | Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2022-10-25T00:00:00
Updated: 2024-01-07T11:06:20.509832
Reserved: 2022-10-12T00:00:00
Link: CVE-2022-42890
NVD Information
Status: Modified
Published: 2022-10-25T17:15:57.637
Modified: 2024-01-07T11:15:10.500
Link: CVE-2022-42890