Bug 550314 - Known security vulnerability in Batik 1.7 used by BIRT reportengine 4.8
Summary: Known security vulnerability in Batik 1.7 used by BIRT reportengine 4.8
Status: NEW
Alias: None
Product: z_Archived
Classification: Eclipse Foundation
Component: BIRT
Version: unspecified
Hardware: All All
Importance: P3 critical
Target Milestone: ---
Assignee: Birt-ReportEngine-inbox@eclipse.org
Reported: 2019-08-22 01:48 EDT by ANuj Gupta
Modified: 2020-05-21 12:37 EDT
Description ANuj Gupta 2019-08-22 01:48:14 EDT
Batik 1.7, which is bundled with BIRT 4.8, has severe vulnerabilities. Batik has already released new versions which have fixes for these vulnerabilities.
BIRT needs to update these. Here is the list of vulnerabilities reported:
CVE-2018-8013 (BDSA-2018-1559): Base Score 9.8
CVE-2017-5662 (BDSA-2012-0002): Base Score 7.3
CVE-2015-0250: Base score 6.4

All these are fixed in the latest Batik version, 1.11.