PT-2022-5346 · Apache · Apache Batik

4Ra1N

Published 2022-10-25 · Updated 2024-03-16 · CVE-2022-41704

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Apache XML Graphics versions prior to 1.16
Confluence Data Center and Server versions 7.13.0 through 7.19.0, specifically versions prior to 7.19.16

Description
A vulnerability in the Apache Batik library for working with SVG images stems from insufficient checking of incoming requests. It allows an attacker to run untrusted Java code embedded in an SVG, potentially enabling remote execution of arbitrary Java code. The estimated impact is high: assets in an environment that processes attacker-supplied SVG content may be exposed, affecting confidentiality.

Recommendations
For Apache XML Graphics versions prior to 1.16, update to version 1.16. For Confluence Data Center and Server versions 7.13.0 through 7.19.0, upgrade to a release greater than or equal to 7.19.16. As a temporary workaround, consider restricting the use of SVG images in your environment until the issue is resolved.

Tags: Exploit · Fix · SSRF

Weakness Enumeration

Related Identifiers

BDU:2022-06660
CVE-2022-41704
DLA-3169-1
DSA-5264-1
GHSA-R29W-R9PH-VM76
MGASA-2024-0068
OESA-2023-1050
OESA-2023-1051
OESA-2023-1057
OESA-2023-1060
OPENSUSE-SU-2024:13743-1
OPENSUSE-SU-2024_0808-1
ROSA-SA-2023-2239
SUSE-SU-2024:0777-1
SUSE-SU-2024:0808-1
SUSE-SU-2024_0808-1
USN-6117-1

Affected Products

Apache Batik
Apache Xml Graphics
Astra Linux
Confluence
Jira
Linuxmint
Red Os
Suse
Ubuntu