Bug 1204709 - (CVE-2022-42890) VUL-0: CVE-2022-42890: xmlgraphics-batik: Apache Batik information disclosure vulnerability
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Fridrich Strba
Security Team bot
https://smash.suse.de/issue/346116/
CVSSv3.1:SUSE:CVE-2022-42890:5.3:(AV:...
Reported: 2022-10-25 13:14 UTC by Stoyan Manolov
Modified: 2023-01-02 17:53 UTC (History)
Found By: Security Response Team
stoyan.manolov: needinfo? (fstrba)


Description Stoyan Manolov 2022-10-25 13:14:45 UTC
CVE-2022-42890

Posted by Simon Steiner on Oct 25

CVE-2022-42890:
        Apache Batik information disclosure vulnerability

Severity:
        Medium

Vendor:
        The Apache Software Foundation

Versions Affected:
        Batik 1.0 - 1.15

Description:
        Restrict what Java classes can be run through JavaScript

Mitigation:
        Users should upgrade to Batik 1.16+

Credit:
        This issue was independently reported by Y4tacker and 4ra1n of Chaitin Tech

References:...

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42890
https://seclists.org/oss-sec/2022/q4/43