An update for batik is now available for openEuler-20.03-LTS-SP1
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2023-1060
Final
1.0
1.0
2023-02-03
Initial
2023-02-03
2023-02-03
openEuler SA Tool V1.0
2023-02-03
batik security update
An update for batik is now available for openEuler-20.03-LTS-SP1.
Batik is an inline templating engine for CoffeeScript, inspired by CoffeeKup, that lets you write your template directly as a CoffeeScript function.
Security Fix(es):
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. (CVE-2022-41704)
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. (CVE-2022-42890)
An update for batik is now available for openEuler-20.03-LTS-SP1.
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
batik
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1060
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-41704
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-42890
https://nvd.nist.gov/vuln/detail/CVE-2022-41704
https://nvd.nist.gov/vuln/detail/CVE-2022-42890
openEuler-20.03-LTS-SP1
batik-help-1.10-7.oe1.noarch.rpm
batik-1.10-7.oe1.noarch.rpm
batik-1.10-7.oe1.src.rpm
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
2023-02-03
CVE-2022-41704
openEuler-20.03-LTS-SP1
High
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
batik security update
2023-02-03
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1060
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
2023-02-03
CVE-2022-42890
openEuler-20.03-LTS-SP1
High
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
batik security update
2023-02-03
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1060