[MAVEN:GHSA-R29W-R9PH-VM76] Apache XML Graphics Batik vulnerable to code execution via SVG.

Severity High

Affected Packages 1

Fixed Packages 1

CVEs 1

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

Package	Affected Version
pkg:maven/org.apache.xmlgraphics/batik	< 1.16

Package	Fixed Version
pkg:maven/org.apache.xmlgraphics/batik	= 1.16

ID

MAVEN:GHSA-R29W-R9PH-VM76

Severity

high

URL

https://github.com/advisories/GHSA-r29w-r9ph-vm76

Published

2022-10-25T19:00:29
(23 months ago)

Modified

2024-01-08T15:35:33
(8 months ago)

Rights

Maven Security Team

Other Advisories

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2022-41704
			https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf
			https://github.com/apache/xmlgraphics-batik/commit/905f368b50c2567cf2c4869a0ab596a7b1b5125c
			https://issues.apache.org/jira/browse/BATIK-1338
			https://xmlgraphics.apache.org/security.html
			http://www.openwall.com/lists/oss-security/2022/10/25/2
			https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html
			https://www.debian.org/security/2022/dsa-5264
			https://security.gentoo.org/glsa/202401-11
			https://github.com/advisories/GHSA-r29w-r9ph-vm76

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.apache.xmlgraphics/batik	org.apache.xmlgraphics	batik	< 1.16
Fixed	pkg:maven/org.apache.xmlgraphics/batik	org.apache.xmlgraphics	batik	= 1.16

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date