[jira] [Updated] (BATIK-1345) Restrict what java classes can be run thru rhino

Simon Steiner (Jira) Tue, 25 Oct 2022 03:13:04 -0700


     [ 
https://issues.apache.org/jira/browse/BATIK-1345?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Simon Steiner updated BATIK-1345:
---------------------------------
    Description: 
The user should not be able to run java api's such as:
Runtime.getRuntime().exec("xxx");

CVE-2022-42890

  was:
The user should not be able to run java api's such as:
Runtime.getRuntime().exec("xxx");


> Restrict what java classes can be run thru rhino
> ------------------------------------------------
>
>                 Key: BATIK-1345
>                 URL: https://issues.apache.org/jira/browse/BATIK-1345
>             Project: Batik
>          Issue Type: Bug
>            Reporter: Simon Steiner
>            Assignee: Simon Steiner
>            Priority: Major
>             Fix For: trunk
>
>
> The user should not be able to run java api's such as:
> Runtime.getRuntime().exec("xxx");
> CVE-2022-42890



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: batik-dev-unsubscr...@xmlgraphics.apache.org
For additional commands, e-mail: batik-dev-h...@xmlgraphics.apache.org

[jira] [Updated] (BATIK-1345) Restrict what java classes can be run thru rhino

Reply via email to