CVE-2022-41704 – org.apache.xmlgraphics:batik
Package
Manager: maven
Name: org.apache.xmlgraphics:batik
Vulnerable Version: >=0 <1.16
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00225 (percentile 0.45082)
Details
Apache XML Graphics Batik is vulnerable to code execution via SVG. A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics Batik versions prior to 1.16. It is recommended to update to version 1.16.
Metadata
Created: 2022-10-25T19:00:29Z
Modified: 2022-10-31T15:41:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-r29w-r9ph-vm76/GHSA-r29w-r9ph-vm76.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-r29w-r9ph-vm76
Finding: F100
Auto approve: 1