{
  "threat_severity" : "Moderate",
  "public_date" : "2022-10-25T00:00:00Z",
  "bugzilla" : {
    "description" : "batik: Untrusted code execution in Apache XML Graphics Batik",
    "id" : "2182183",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2182183"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-918",
  "details" : [ "A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.", "A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Fuse 7.12",
    "release_date" : "2023-06-29T00:00:00Z",
    "advisory" : "RHSA-2023:3954",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7",
    "package" : "batik"
  }, {
    "product_name" : "RHINT Camel-Springboot 3.20.1",
    "release_date" : "2023-05-03T00:00:00Z",
    "advisory" : "RHSA-2023:2100",
    "cpe" : "cpe:/a:redhat:camel_spring_boot:3.20.1",
    "package" : "batik"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Decision Manager 7",
    "fix_state" : "Out of support scope",
    "package_name" : "batik",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
  }, {
    "product_name" : "Red Hat Integration Camel K 1",
    "fix_state" : "Will not fix",
    "package_name" : "batik",
    "cpe" : "cpe:/a:redhat:integration:1"
  }, {
    "product_name" : "Red Hat Integration Camel Quarkus 2",
    "fix_state" : "Will not fix",
    "package_name" : "batik",
    "cpe" : "cpe:/a:redhat:camel_quarkus:2"
  }, {
    "product_name" : "Red Hat JBoss Data Grid 7",
    "fix_state" : "Out of support scope",
    "package_name" : "batik",
    "cpe" : "cpe:/a:redhat:jboss_data_grid:7"
  }, {
    "product_name" : "Red Hat Process Automation 7",
    "fix_state" : "Out of support scope",
    "package_name" : "batik",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-42890\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-42890" ],
  "name" : "CVE-2022-42890",
  "csaw" : false
}