CVE-2018-8013
Published: 2018-05-24
Severity: critical, score 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class reads a string from the input stream, treats it as a class name, and uses it to call the no-arg constructor of that class. The fix was to check the class type before calling `newInstance` during deserialization.
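The following is an added illustration of the pattern the advisory describes and of the type check that closes it; it is not Batik's code, and the `DomImplementation` interface, the `SafeImpl` class and the helper method names are hypothetical stand-ins for the implementation object that the document re-creates on deserialization.

```java
import java.io.IOException;

// Illustrative sketch (not Apache Batik's code) of reconstructing an object
// from a class name read out of a serialized stream.
public class DocumentDeserializationExample {

    // Hypothetical base type standing in for the implementation object that
    // the document must re-create when it is deserialized.
    public interface DomImplementation { }

    public static class SafeImpl implements DomImplementation { }

    // Pattern the advisory describes as vulnerable: the class name comes
    // straight from untrusted stream data and is instantiated without any
    // check, so the stream decides which no-arg constructor runs.
    static Object instantiateUnchecked(String classNameFromStream) throws Exception {
        Class<?> c = Class.forName(classNameFromStream);
        return c.getDeclaredConstructor().newInstance();
    }

    // Fixed pattern: resolve the class without running its static
    // initializers, verify it is the expected type, and fail closed otherwise.
    static DomImplementation instantiateChecked(String classNameFromStream) throws IOException {
        Class<?> c;
        try {
            c = Class.forName(classNameFromStream, false,
                              DocumentDeserializationExample.class.getClassLoader());
        } catch (ClassNotFoundException e) {
            throw new IOException("unknown implementation class: " + classNameFromStream, e);
        }
        if (!DomImplementation.class.isAssignableFrom(c)) {
            throw new IOException("refusing to instantiate non-DomImplementation class: "
                                  + classNameFromStream);
        }
        try {
            return (DomImplementation) c.getDeclaredConstructor().newInstance();
        } catch (ReflectiveOperationException e) {
            throw new IOException("cannot instantiate " + classNameFromStream, e);
        }
    }

    public static void main(String[] args) throws Exception {
        // Expected type: accepted.
        System.out.println(instantiateChecked(SafeImpl.class.getName()).getClass().getSimpleName());
        // A real class of the wrong type (constructed sample input): rejected before construction.
        try {
            instantiateChecked("java.util.ArrayList");
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```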
Affected
47 ranges, 25 shown
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | batik | >= 0 < 1.10-1 | 1.10-1 |
| apache | batik | >= 0 < 1.10-1 | 1.10-1 |
| apache | batik | >= 0 < 1.10-1 | 1.10-1 |
| apache | batik | >= 0 < 1.10-1 | 1.10-1 |
| apache | batik | >= 1.0 < 1.10 | 1.10 |
| apache_software_foundation | apache_batik | — | — |
| canonical | ubuntu_linux | — | — |
| debian | batik | < batik 1.10-1 (bookworm) | batik 1.10-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| oracle | business_intelligence | — | — |
| oracle | business_intelligence | — | — |
| oracle | business_intelligence | — | — |
| oracle | business_intelligence | — | — |
| oracle | communications_diameter_signaling_router | < 8.3 | 8.3 |
| oracle | communications_metasolv_solution | — | — |
| oracle | communications_webrtc_session_controller | < 7.2 | 7.2 |
| oracle | data_integrator | — | — |
| oracle | enterprise_repository | — | — |
| oracle | enterprise_repository | — | — |
| oracle | financial_services_analytical_applications_infrastructure | 7.3.3.0.0 – 7.3.3.0.2 | — |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.0.0.0 – 8.0.7.1.0 | — |
| oracle | fusion_middleware_mapviewer | — | — |
| oracle | fusion_middleware_mapviewer | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 9.8 | CRITICAL | — |