Lucene search

K
githubGitHub Advisory DatabaseGHSA-9339-86WC-4QGF
HistoryJul 20, 2022 - 12:00 a.m.

Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets

2022-07-2000:00:18
CWE-681
GitHub Advisory Database
github.com
49

0.002 Low

EPSS

Percentile

53.1%

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.

A fix for this issue was published in September 2022 as part of an anticipated 2.7.3 release.

CPENameOperatorVersion
xalan:xalanlt2.7.3

References