CVE-2022-41704: Apache XML Graphics Batik vulnerable to code execution via SVG.

CVSS Score: 7.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.40118%
Published: 10/25/2022
Updated: 1/8/2024
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package Name: org.apache.xmlgraphics:batik
Ecosystem: maven
Vulnerable Versions: < 1.16
First Patched Version: 1.16

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from Batik's handling of <script> elements with type 'application/java-archive'. Commit 905f368 shows that the fix added a script type check (SVG_SCRIPT_TYPE_JAVA) to the DefaultScriptSecurity constructor, which indicates that the vulnerable code path was in the script-loading validation logic, which previously did not properly restrict Java archive execution. The CWE-918 classification aligns with the SSRF vector through improper URI validation, but the primary impact was code execution via Java class loading from untrusted sources.
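
A pre-render check for the script type described above, as an added example that is not Batik's or Miggo's code: it flags SVG <script> elements typed application/java-archive before a file reaches a renderer. The function names and sample documents are constructed for illustration, and the check complements rather than replaces upgrading to 1.16.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XLINK_NS = "http://www.w3.org/1999/xlink"
JAVA_ARCHIVE = "application/java-archive"  # script type named in the analysis above

# Constructed sample inputs (not taken from the advisory).
SAMPLE_FLAGGED = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <script type="Application/Java-Archive; charset=utf-8"
          xlink:href="http://files.example.invalid/handler.jar"/>
  <script type="text/ecmascript">/* different script type, not reported */</script>
</svg>"""
SAMPLE_CLEAN = """<svg xmlns="http://www.w3.org/2000/svg">
  <rect width="10" height="10"/>
</svg>"""


def find_java_archive_scripts(svg_text):
    """Return one finding per <script> element typed application/java-archive."""
    findings = []
    for el in ET.fromstring(svg_text).iter():
        # Match on the local name so namespaced and bare <script> both count.
        if el.tag.rsplit("}", 1)[-1] != "script":
            continue
        # Media types are case-insensitive and may carry parameters.
        media_type = (el.get("type") or "").split(";", 1)[0].strip().lower()
        if media_type != JAVA_ARCHIVE:
            continue
        href = el.get("{%s}href" % XLINK_NS) or el.get("href") or ""
        findings.append({"href": href, "scheme": urlparse(href).scheme.lower()})
    return findings


def accept_svg(svg_text):
    """Fail closed: reject unparseable input and any SVG with a finding."""
    try:
        return not find_java_archive_scripts(svg_text)
    except ET.ParseError:
        return False


if __name__ == "__main__":
    for name, doc in (("flagged", SAMPLE_FLAGGED), ("clean", SAMPLE_CLEAN)):
        print(name, accept_svg(doc), find_java_archive_scripts(doc))
```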
