Date: Tue, 25 Oct 2022 11:27:47 +0100 From: "Simon Steiner" <simonsteiner1984@...il.com> To: <general@...graphics.apache.org>, <batik-dev@...graphics.apache.org>, <batik-users@...graphics.apache.org>, "'Apache Security Team'" <security@...che.org>, <oss-security@...ts.openwall.com> Subject: [CVE-2022-41704] Apache Batik information disclosure vulnerability CVE-2022-41704: Apache Batik information disclosure vulnerability Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Batik 1.0 - 1.15 Description: Block loading jars by default to avoid running untrusted code Mitigation: Users should upgrade to Batik 1.16+ Credit: This issue was independently reported by Y4tacker and 4ra1n of Chaitin Tech and pwnull References: http://xmlgraphics.apache.org/security.html https://issues.apache.org/jira/browse/BATIK-1338 The Apache XML Graphics team.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.