← Zuruck zu CVEs
CVE-2022-42890
HIGH7.5
Beschreibung
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
CVE Details
CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht10/25/2022
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
apache:batikdebian:debian_linux
Schwachen (CWE)
CWE-918
Referenzen
http://www.openwall.com/lists/oss-security/2022/10/25/3(security@apache.org)
https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly(security@apache.org)
https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html(security@apache.org)
https://security.gentoo.org/glsa/202401-11(security@apache.org)
https://www.debian.org/security/2022/dsa-5264(security@apache.org)
http://www.openwall.com/lists/oss-security/2022/10/25/3(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202401-11(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5264(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.