CVE-2022-42890

UNKNOWN 0.0

Apache Batik prior to 1.16 allows RCE via scripting

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

Vendor	apache software foundation
Product	apache xml graphics
Published	Oct 25, 2022
Last Updated	Aug 3, 2024

Stay Ahead of the Next One

Get instant alerts for apache software foundation apache xml graphics

Be the first to know when new unknown vulnerabilities affecting apache software foundation apache xml graphics are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Apache Software Foundation / Apache XML Graphics

Batik ≤ 1.15

References

NVD ↗ CVE.org ↗ EPSS Data ↗

lists.apache.org: https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly openwall.com: http://www.openwall.com/lists/oss-security/2022/10/25/3 lists.debian.org: https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html debian.org: https://www.debian.org/security/2022/dsa-5264 security.gentoo.org: https://security.gentoo.org/glsa/202401-11

Credits

This issue was independently reported by Y4tacker and 4ra1n of Chaitin Tech