PT-2022-5345 · Atlassian+6 · Confluence+8

4Ra1N +1 · Published 2022-10-25 · Updated 2024-03-16 · CVE-2022-42890

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache XML Graphics versions prior to 1.16
Confluence Data Center and Server versions 7.13.0 and 7.19.0

Description

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue is related to insufficient checking of incoming requests. The exploitation of this issue may allow a remote attacker to execute arbitrary Java code.

Recommendations

For Apache XML Graphics versions prior to 1.16, upgrade to version 1.16.
For Confluence Data Center and Server version 7.19, upgrade to a release greater than or equal to 7.19.16.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2022-06659
CVE-2022-42890
DLA-3169-1
DSA-5264-1
GHSA-RWQR-M72Q-V6CM
MGASA-2024-0068
OESA-2023-1050
OESA-2023-1051
OESA-2023-1057
OESA-2023-1060
OPENSUSE-SU-2024:13743-1
OPENSUSE-SU-2024_0808-1
ROSA-SA-2023-2239
SUSE-SU-2024:0777-1
SUSE-SU-2024:0808-1
USN-6117-1

Affected Products

Apache XML Graphics
Astra Linux
Batik
Confluence
Jira
Linux Mint
RED OS
SUSE
Ubuntu