Bug 1204704 - (CVE-2022-41704) VUL-0: CVE-2022-41704: xmlgraphics-batik: Apache Batik information disclosure vulnerability
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assigned To: Fridrich Strba
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/346112/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-41704:5.3:(AV:...
Reported: 2022-10-25 11:13 UTC by Stoyan Manolov
Modified: 2023-01-02 17:53 UTC
Found By: Security Response Team
stoyan.manolov: needinfo? (fstrba)

Description Stoyan Manolov 2022-10-25 11:13:44 UTC
CVE-2022-41704

Posted by Simon Steiner on Oct 25

CVE-2022-41704:
        Apache Batik information disclosure vulnerability

Severity:
        Medium

Vendor:
        The Apache Software Foundation

Versions Affected:
        Batik 1.0 - 1.15

Description:
        Block loading jars by default to avoid running untrusted code

Mitigation:
        Users should upgrade to Batik 1.16+

Credit:
        This issue was independently reported by Y4tacker and 4ra1n of Chaitin Tech and pwnull

References:...

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41704
https://seclists.org/oss-sec/2022/q4/42