Vulnerability Description
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Batik | >= 1.0, < 1.16 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/10/25/3Mailing ListThird Party Advisory
- https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwlyVendor Advisory
- https://lists.debian.org/debian-lts-announce/2022/10/msg00038.htmlMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/202401-11
- https://www.debian.org/security/2022/dsa-5264Third Party Advisory
- http://www.openwall.com/lists/oss-security/2022/10/25/3Mailing ListThird Party Advisory
- https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwlyVendor Advisory
- https://lists.debian.org/debian-lts-announce/2022/10/msg00038.htmlMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/202401-11
- https://www.debian.org/security/2022/dsa-5264Third Party Advisory
FAQ
What is CVE-2022-42890?
CVE-2022-42890 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to up...
How severe is CVE-2022-42890?
CVE-2022-42890 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-42890?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Batik, Debian Debian Linux.