[BATIK-1345] Restrict what java classes can be run thru rhino - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.16
Component/s: None
Labels:
None

Description

The user should not be able to run java api's such as:
Runtime.getRuntime().exec("xxx");

CVE-2022-42890

Attachments

Issue Links

relates to

FOP-3104 A FOP 2.7.1 hotfix release with only updated batik dependencies to 1.16

Resolved

Activity

People

Assignee:: Simon Steiner

Reporter:: Simon Steiner

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 12/Oct/22 12:23

Updated:: 01/Nov/22 09:19

Resolved:: 12/Oct/22 12:25