mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
100 lines
3.3 KiB
JSON
100 lines
3.3 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security@apache.org",
|
|
"ID": "CVE-2022-41704",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Apache XML Graphics",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "Batik",
|
|
"version_value": "1.15"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Apache Software Foundation"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"credit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "This issue was independently reported by 4ra1n of Chaitin Tech and pwnull"
|
|
}
|
|
],
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16."
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": [
|
|
{}
|
|
],
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A jar file can be loaded from svg script element"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf",
|
|
"name": "https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[oss-security] 20221025 [CVE-2022-41704] Apache Batik information disclosure vulnerability",
|
|
"url": "http://www.openwall.com/lists/oss-security/2022/10/25/2"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[debian-lts-announce] 20221029 [SECURITY] [DLA 3169-1] batik security update",
|
|
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html"
|
|
},
|
|
{
|
|
"refsource": "DEBIAN",
|
|
"name": "DSA-5264",
|
|
"url": "https://www.debian.org/security/2022/dsa-5264"
|
|
},
|
|
{
|
|
"refsource": "GENTOO",
|
|
"name": "GLSA-202401-11",
|
|
"url": "https://security.gentoo.org/glsa/202401-11"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
}
|
|
} |