CVE-2022-42890

Apache Batik prior to 1.16 allows RCE via scripting

EPSS 2.3%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 2.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

25 Oct 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

Affected products

Apache Software Foundation · Apache XML Graphics

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html https://security.gentoo.org/glsa/202401-11 https://www.debian.org/security/2022/dsa-5264 http://www.openwall.com/lists/oss-security/2022/10/25/3