Uploaded image for project: 'Batik'
  1. Batik
  2. BATIK-1338

Block loading jar inside svg

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.16
    • None
    • None

    Description

      We should block loading jars by default to avoid running untrusted code:

      <script type="application/java-archive" xlink:href="file.jar"/>

      CVE-2022-41704

      Attachments

        Issue Links

          Activity

            People

              ssteiner Simon Steiner
              ssteiner Simon Steiner
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: