CVE-2022-42890

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-42890

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-42890.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-42890

Aliases

GHSA-rwqr-m72q-v6cm

Downstream

DEBIAN-CVE-2022-42890

DLA-3169-1

DSA-5264-1

OESA-2023-1050

OESA-2023-1051

OESA-2023-1057

OESA-2023-1060

SUSE-SU-2024:0777-1

SUSE-SU-2024:0808-1

UBUNTU-CVE-2022-42890

USN-6117-1

openSUSE-SU-2024:13743-1

Related

Published

2022-10-25T17:15:57Z

Modified

2025-08-09T20:01:27Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

References

Affected packages

Git / github.com/apache/batik

Affected ranges

Type: GIT
Repo: https://github.com/apache/batik
Events: Introduced

1b708df57205a70c2c9fb8235ff5eab837609968

Fixed

8e94aaaf3872a670040c6faebe82c907cb380fad