The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
History
21 Jun 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Jan 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2022-07-19 18:15
Updated : 2024-06-21 19:15
NVD link : CVE-2022-34169
Mitre link : CVE-2022-34169
CVE.ORG link : CVE-2022-34169
JSON object : View
Products Affected
apache
- xalan-java
netapp
- hci_compute_node
- cloud_secure_agent
- oncommand_insight
- hci_management_node
- solidfire
- cloud_insights_acquisition_unit
- 7-mode_transition_tool
- active_iq_unified_manager
oracle
- jdk
- graalvm
- jre
- openjdk
fedoraproject
- fedora
debian
- debian_linux
azul
- zulu
CWE
CWE-681
Incorrect Conversion between Numeric Types