Описание
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | |
| esm-apps/bionic | not-affected | |
| esm-apps/focal | not-affected | |
| esm-apps/jammy | not-affected | |
| esm-apps/noble | not-affected | |
| esm-apps/xenial | not-affected | |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | |
| impish | ignored | end of life |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | needs-triage | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/xenial | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| impish | ignored | end of life |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| impish | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-apps/focal | ignored | superseded by openjdk-17 |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was ignored [superseded by openjdk-17] |
| impish | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| impish | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-apps/focal | ignored | superseded by openjdk-17 |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was ignored [superseded by openjdk-17] |
| impish | ignored | end of life |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 17.0.4+8-1~18.04 |
| devel | not-affected | 17.0.4+8-1 |
| esm-apps/bionic | released | 17.0.4+8-1~18.04 |
| esm-apps/jammy | released | 17.0.4+8-1~22.04 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | focal was released [17.0.4+8-1~20.04] |
| focal | released | 17.0.4+8-1~20.04 |
| impish | ignored | end of life |
| jammy | released | 17.0.4+8-1~22.04 |
| kinetic | released | 17.0.4+8-1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-apps/jammy | released | 18.0.2+9-2~22.04 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| impish | ignored | end of life |
| jammy | released | 18.0.2+9-2~22.04 |
| kinetic | released | 18.0.2+9-2 |
| lunar | not-affected | 18.0.2+9-2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 8u342-b07-0ubuntu1~18.04 |
| devel | not-affected | 8u342-b07-1 |
| esm-apps/bionic | released | 8u342-b07-0ubuntu1~18.04 |
| esm-apps/focal | released | 8u342-b07-0ubuntu1~20.04 |
| esm-apps/jammy | released | 8u342-b07-0ubuntu1~22.04 |
| esm-apps/noble | not-affected | 8u342-b07-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | released | 8u342-b07-0ubuntu1~16.04 |
| focal | released | 8u342-b07-0ubuntu1~20.04 |
| impish | ignored | end of life |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-apps/xenial | ignored | no longer supported by upstream |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| impish | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 11.0.16+8-0ubuntu1~18.04 |
| devel | released | 11.0.16+8-0ubuntu1 |
| esm-apps/noble | released | 11.0.16+8-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 11.0.16+8-0ubuntu1~18.04 |
| esm-infra/focal | not-affected | 11.0.16+8-0ubuntu1~20.04 |
| focal | released | 11.0.16+8-0ubuntu1~20.04 |
| impish | ignored | end of life |
| jammy | released | 11.0.16+8-0ubuntu1~22.04 |
| kinetic | released | 11.0.16+8-0ubuntu1 |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS3
Связанные уязвимости
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
The Apache Xalan Java XSLT library is vulnerable to an integer truncat ...
Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets
EPSS
7.5 High
CVSS3