OESA-2023-1050

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1050
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2023-1050.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2023-1050
Upstream
Published
2023-02-03T11:04:50Z
Modified
2025-08-12T05:15:11.030157Z
Summary
batik security update
Details

Batik is an inline templating engine for CoffeeScript, inspired by CoffeeKup, that lets you write your template directly as a CoffeeScript function.

Security Fix(es):

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.(CVE-2022-41704)

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.(CVE-2022-42890)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS-SP1 / batik

Package

Name
batik
Purl
pkg:rpm/openEuler/batik&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10-7.oe2203sp1

Ecosystem specific 

{
    "src": [
        "batik-1.10-7.oe2203sp1.src.rpm"
    ],
    "noarch": [
        "batik-1.10-7.oe2203sp1.noarch.rpm",
        "batik-help-1.10-7.oe2203sp1.noarch.rpm"
    ]
}