GHSA-9339-86wc-4qgf

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-9339-86wc-4qgf/GHSA-9339-86wc-4qgf.json
Aliases
Published
2022-07-20T00:00:18Z
Modified
2022-09-22T19:27:01.710946Z
Details

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.

A fix for this issue was published in September 2022 as part of an anticipated 2.7.3 release.

References

Affected packages

Maven / xalan:xalan

xalan:xalan

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
2.7.3

Affected versions

2.*

2.1.0
2.3.1
2.4.0
2.4.1
2.5.0
2.5.1
2.5.D1
2.6.0
2.7.0
2.7.1
2.7.2

Database specific

{
    "last_known_affected_version_range": "<= 2.7.2"
}