There's another critical CVE in batik, https://nvd.nist.gov/vuln/detail/CVE-2018-8013
Unfortunately, the latest version of kettle we can grab (9.4.0.0-343) still has batik-1.9.1 in it.
If there is no update, can you share if this CVE applies here? Does kettle use that part of batik-dom?
Would it work without that jar included, or with a forced upgrade of all batik dependencies to 1.10?