Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-54910
HistoryJul 21, 2022 - 12:00 a.m.

Apache Xalan input validation error vulnerability

2022-07-2100:00:00
China National Vulnerability Database
www.cnvd.org.cn
62

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Apache Xalan is an open source software library from the Apache Foundation. Apache Xalan Java XSLT inventory is vulnerable to an input validation error that stems from an integer truncation problem when processing malicious XSLT stylesheets. An attacker could use this vulnerability to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.

CPENameOperatorVersion
apache xalan javalt2.7.2

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H