2 matches found
SUSE-SU-2022:1259-1 Security update for icedtea-web
This update for icedtea-web fixes the following issues: - CVE-2019-10181: Fixed an issue where an attacker could inject unsigned code in a signed JAR file bsc1142835. - CVE-2019-10182: Fixed a path traversal issue where an attacker could upload arbritrary files by tricking a victim into running a...
icedtea-web: directory traversal in the nested jar auto-extraction leading to arbitrary file overwrite
It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox...