CVE-2022-34169

Опубликовано: 19 июл. 2022

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

Затронутые пакеты

Платформа	Пакет	Состояние
Migration Toolkit for Applications 6	xalan	Will not fix
Migration Toolkit for Runtimes	xalan	Not affected
Red Hat AMQ Broker 7	xalan	Not affected
Red Hat build of Apache Camel 4 for Quarkus 3	xalan	Affected
Red Hat build of Apache Camel for Spring Boot 3	xalan	Affected
Red Hat build of Apache Camel for Spring Boot 4	xalan	Not affected
Red Hat Build of Keycloak	xalan	Affected
Red Hat build of OptaPlanner 8	xalan	Affected
Red Hat Data Grid 8	xalan	Not affected
Red Hat Enterprise Linux 6	java-1.6.0-openjdk	Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-192

https://bugzilla.redhat.com/show_bug.cgi?id=2108554OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

EPSS

Процентиль: 92%

0.08775

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-34169

CVSS3: 7.5

ubuntu

больше 3 лет назад

CVE-2022-34169

CVSS3: 7.5

nvd

больше 3 лет назад

CVE-2022-34169

CVSS3: 7.5

msrc

около 2 месяцев назад

Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets

CVE-2022-34169

CVSS3: 7.5

debian

больше 3 лет назад

The Apache Xalan Java XSLT library is vulnerable to an integer truncat ...

SUSE-RU-2024:3971-1

suse-cvrf

11 месяцев назад

Recommended update for mojo-parent

EPSS

Процентиль: 92%

0.08775

Низкий

7.5 High

CVSS3