CVE-2022-42890

CVE-2022-42890: Apache Batik prior to 1.16 allows RCE via scripting

Vendor Apache Software Foundation

Product Apache XML Graphics

Published October 25, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

Key dates

Disclosure timeline

October 25, 2022 CVE published

August 3, 2024 Record updated