- Vulnerability/
- USN-6117-1
USN-6117-1: Apache Batik vulnerabilities
First published: Tue May 30 2023(Updated: )
It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perform a cross site request forgery attack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648) It was discovered that Apache Batik incorrectly handled Jar URLs in some situations. A remote attacker could use this issue to access files on the server. (CVE-2022-40146) It was discovered that Apache Batik allowed running untrusted Java code from an SVG. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-41704, CVE-2022-42890)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libbatik-java | <1.14-2ubuntu0.1 | 1.14-2ubuntu0.1 |
| =22.10 | ||
| All of | ||
| ubuntu/libbatik-java | <1.14-1ubuntu0.2 | 1.14-1ubuntu0.2 |
| =22.04 | ||
| All of | ||
| ubuntu/libbatik-java | <1.12-1ubuntu0.1 | 1.12-1ubuntu0.1 |
| =20.04 | ||
| All of | ||
| ubuntu/libbatik-java | <1.10-2~18.04.1 | 1.10-2~18.04.1 |
| =18.04 | ||
| All of | ||
| ubuntu/libbatik-java | <1.8-3ubuntu1+esm1 | 1.8-3ubuntu1+esm1 |
| =16.04 | ||
| All of | ||
| ubuntu/libbatik-java | <1.7.ubuntu-8ubuntu2.14.04.3+esm1 | 1.7.ubuntu-8ubuntu2.14.04.3+esm1 |
| =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2022-40146
- https://ubuntu.com/security/CVE-2020-11987
- https://ubuntu.com/security/CVE-2022-41704
- https://ubuntu.com/security/CVE-2022-38648
- https://ubuntu.com/security/CVE-2022-38398
- https://ubuntu.com/security/CVE-2019-17566
- https://ubuntu.com/security/CVE-2022-42890
- https://launchpad.net/ubuntu/+source/batik/1.14-2ubuntu0.1
- https://launchpad.net/ubuntu/+source/batik/1.14-1ubuntu0.2
- https://launchpad.net/ubuntu/+source/batik/1.12-1ubuntu0.1
- https://launchpad.net/ubuntu/+source/batik/1.10-2~18.04.1
- https://ubuntu.com/security/notices/USN-6117-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the impact of CVE-2019-17566?
CVE-2019-17566 can be used to perform a cross-site request forgery attack.
What is the impact of CVE-2020-11987?
CVE-2020-11987 is a vulnerability that can be exploited by an attacker.
How does Apache Batik handle Jar URLs in some situations?
Apache Batik incorrectly handles Jar URLs in some situations.
What is the severity of CVE-2022-38398?
The severity of CVE-2022-38398 is not specified.
What is the severity of CVE-2022-38648?
The severity of CVE-2022-38648 is not specified.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/22.10
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04