CVSSv3: 7.5

CVE-2022-42890

Published: 25/10/2022 Updated: 08/12/2022
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

Vulnerability Summary

A vulnerability in Batik of Apache XML Graphics allows a malicious user to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
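The summary above describes the hazard in one line: an SVG file from an untrusted source can carry JavaScript, and in affected Batik releases that script could reach Java. Upgrading to 1.16 is the fix; the check below is an added defence-in-depth layer, written for this page and not taken from Batik or from the advisory, that refuses to hand Batik any SVG that can carry script at all (script and handler elements, on* event attributes, javascript: URLs) or that points at anything outside the document (non-fragment, non-data: hrefs, DOCTYPE/entity declarations, xml-stylesheet instructions; the latter also matter for the SSRF advisories listed further down). The sample documents are constructed for the example. The pre-screen is deliberately conservative and will reject benign files that use relative image paths or plain hyperlinks; it is not a substitute for the upgrade.

```python
"""Pre-screen untrusted SVG before it reaches a Batik renderer.

Added example for CVE-2022-42890; not code from Batik or from the advisory.
Parses with expat (namespace-aware) and reports every construct that can
execute script or fetch an external resource. An empty finding list means
the document may be passed on; anything else is rejected up front.
"""
import xml.parsers.expat

# Constructed sample documents for the example (not real exploit files).
SAMPLE_BENIGN = (b'<svg xmlns="http://www.w3.org/2000/svg" '
                 b'xmlns:xlink="http://www.w3.org/1999/xlink">'
                 b'<rect id="r" width="10" height="10"/>'
                 b'<use xlink:href="#r" x="20"/></svg>')
SAMPLE_SCRIPT = (b'<svg xmlns="http://www.w3.org/2000/svg">'
                 b'<script type="text/ecmascript">var a = 1;</script></svg>')
SAMPLE_ONLOAD = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
                 b'<rect width="1" height="1"/></svg>')
SAMPLE_EXTERNAL = (b'<svg xmlns="http://www.w3.org/2000/svg" '
                   b'xmlns:xlink="http://www.w3.org/1999/xlink">'
                   b'<image xlink:href="http://192.0.2.1/probe.png" width="1" height="1"/></svg>')
SAMPLE_DOCTYPE = (b'<!DOCTYPE svg [<!ENTITY x "y">]>'
                  b'<svg xmlns="http://www.w3.org/2000/svg">&x;</svg>')


class _Stop(Exception):
    """Raised from a handler to abort parsing before any entity is expanded."""


def _local(name):
    # With namespace_separator=" " expat reports "uri local" or just "local".
    return name.rsplit(" ", 1)[-1]


def screen_svg(data):
    """Return a list of human-readable findings; [] means nothing suspicious."""
    findings = []
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")

    def on_doctype(name, sysid, pubid, has_internal_subset):
        findings.append("DOCTYPE declaration (external DTD or entities)")
        raise _Stop  # stop here: no entity expansion, no external DTD fetch

    def on_pi(target, body):
        if target == "xml-stylesheet":
            findings.append("xml-stylesheet processing instruction (external stylesheet)")

    def on_start(name, attrs):
        tag = _local(name)
        if tag in ("script", "handler"):  # SVG script and XML Events handler elements
            findings.append(f"<{tag}> element")
        for aname, value in attrs.items():
            attr = _local(aname)
            if attr.startswith("on"):  # onload, onclick, ... event handlers
                findings.append(f"event attribute {attr} on <{tag}>")
            elif attr == "href":  # covers both href and xlink:href
                v = value.strip()
                if v.lower().startswith("javascript:"):
                    findings.append(f"javascript: URL on <{tag}>")
                elif not (v.startswith("#") or v.lower().startswith("data:")):
                    findings.append(f"non-local href {v!r} on <{tag}>")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ProcessingInstructionHandler = on_pi
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except _Stop:
        pass
    except xml.parsers.expat.ExpatError as exc:
        findings.append(f"not well-formed XML: {exc}")
    return findings


def is_safe_to_render(data):
    """True only when the pre-screen found nothing to object to."""
    return not screen_svg(data)


if __name__ == "__main__":
    for label, doc in [("benign", SAMPLE_BENIGN), ("script", SAMPLE_SCRIPT),
                       ("onload", SAMPLE_ONLOAD), ("external", SAMPLE_EXTERNAL),
                       ("doctype", SAMPLE_DOCTYPE)]:
        print(f"{label:9} -> {screen_svg(doc) or 'ok'}")
```

Run it over a directory of incoming files and quarantine anything with a non-empty finding list; the rejected document never reaches Batik's parser, so the screen holds regardless of which Batik release is installed.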


Vulnerable Products

- Apache Batik
- Debian Linux 10.0
- Debian Linux 11.0

Vendor Advisories

It was discovered that Apache Batik, an SVG library for Java, allowed attackers to run arbitrary Java code by processing a malicious SVG file. For the stable distribution (bullseye), these problems have been fixed in version 1.12-4+deb11u1. We recommend that you upgrade your batik packages. For the detailed security status of batik please refer to i ...
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests (CVE-2020-11987). Server-Side Request Forgery (SSRF) vulnerability in Batik of A ...
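Both the summary ("upgrade to version 1.16") and the Debian advisory above reduce to a version check, and the two disagree on what the number means: upstream fixes this in 1.16, while Debian bullseye ships the fix as 1.12-4+deb11u1. The triage script below is an added example for this page, not code from Batik, Debian or the advisory. It walks directories for batik-*.jar files, reads Implementation-Version from META-INF/MANIFEST.MF (assumed present in upstream Maven builds; the file name is the fallback) and reports anything below 1.16. Because it compares upstream version numbers only, it will flag Debian's patched 1.12-4+deb11u1 as vulnerable; for distribution packages, trust the distribution's own version and security tracker instead, and treat this check as a way to find stray vendored copies.

```python
"""Triage helper for CVE-2022-42890: flag Apache Batik jars older than 1.16.

Added example, not code from the advisory, Batik or Debian. Assumes upstream
Batik jars carry Implementation-Version in their manifest; falls back to the
version embedded in the jar file name. Compares upstream 1.x versions only,
so distribution builds that backport the fix (Debian's 1.12-4+deb11u1) are
reported as vulnerable here and must be judged by the distribution's version.
"""
import re
import sys
import zipfile
from pathlib import Path

FIXED_VERSION = (1, 16)
_VERSION_RE = re.compile(r"(\d+)\.(\d+)")
_JAR_NAME_RE = re.compile(r"^batik-[a-z0-9-]+-(\d+\.\d+(?:\.\d+)?)\.jar$")


def parse_version(text):
    """(major, minor) from '1.16', '1.14.1' or '1.16-SNAPSHOT'; None if unparsable."""
    m = _VERSION_RE.match(text.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None


def is_fixed(version_text):
    """True when the upstream version is 1.16 or later."""
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"unrecognised Batik version: {version_text!r}")
    return v >= FIXED_VERSION


def version_from_manifest(manifest_text):
    """Implementation-Version from MANIFEST.MF text; None when absent."""
    # Manifest values may wrap onto continuation lines (newline + one space).
    joined = re.sub(r"\r?\n ", "", manifest_text)
    for line in joined.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Implementation-Version":
            return value.strip()
    return None


def version_from_jar_name(name):
    """'batik-transcoder-1.14.jar' -> '1.14'; None for non-Batik names."""
    m = _JAR_NAME_RE.match(name)
    return m.group(1) if m else None


def jar_version(path):
    """Version of a Batik jar from its manifest, else from its file name."""
    path = Path(path)
    try:
        with zipfile.ZipFile(path) as z:
            if "META-INF/MANIFEST.MF" in z.namelist():
                text = z.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
                v = version_from_manifest(text)
                if v:
                    return v
    except zipfile.BadZipFile:
        return None
    return version_from_jar_name(path.name)


def scan(roots):
    """Yield (jar_path, version, fixed) for every batik-*.jar under roots.

    fixed is None when no version could be determined.
    """
    for root in roots:
        for jar in sorted(Path(root).rglob("batik-*.jar")):
            v = jar_version(jar)
            yield jar, v, (is_fixed(v) if v else None)


if __name__ == "__main__":
    for jar, v, fixed in scan(sys.argv[1:] or ["."]):
        status = "unknown" if fixed is None else ("ok" if fixed else "VULNERABLE (< 1.16)")
        print(f"{status:20} {v or '?':10} {jar}")
```

Point it at application lib directories, WAR/EAR extraction roots and Maven caches; a hit inside a fat jar or a shaded artifact will not be found by file name, so for those inspect the bundled manifest entries directly.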

Github Repositories

CVE-2022-42890: A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.