CVE-2022-42890 – org.apache.xmlgraphics:batik

Package

Manager: maven
Name: org.apache.xmlgraphics:batik
Vulnerable Version: >=0 <1.16

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00225 pctl0.45082

Details

Untrusted code execution in Apache XML Graphics Batik A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

Metadata

Created: 2022-10-25T19:00:29Z
Modified: 2022-10-31T15:41:33Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-rwqr-m72q-v6cm/GHSA-rwqr-m72q-v6cm.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-rwqr-m72q-v6cm
Finding: F100
Auto approve: 1