Описание
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.1.29-5ubuntu0.1 |
| cosmic | released | 1.1.32-2ubuntu0.1 |
| devel | released | 1.1.32-2ubuntu0.1 |
| esm-infra-legacy/trusty | released | 1.1.28-2ubuntu0.2 |
| esm-infra/bionic | released | 1.1.29-5ubuntu0.1 |
| esm-infra/xenial | released | 1.1.28-2.1ubuntu0.2 |
| precise/esm | not-affected | 1.1.26-8ubuntu1.5 |
| trusty | released | 1.1.28-2ubuntu0.2 |
| trusty/esm | released | 1.1.28-2ubuntu0.2 |
| upstream | needs-triage |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
libxslt through 1.1.33 allows bypass of a protection mechanism because ...
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3