{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-34169", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "dateUpdated": "2024-08-03T08:16:17.277Z", "dateReserved": "2022-06-21T00:00:00", "datePublished": "2022-07-19T00:00:00"}, "containers": {"cna": {"affected": [{"product": "Apache Xalan-J", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "2.7.2", "status": "affected", "version": "Xalan-J", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Reported by Felix Wilhelm, Google Project Zero"}], "descriptions": [{"lang": "en", "value": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan."}], "problemTypes": [{"descriptions": [{"description": "integer truncation", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-05-05T07:29:25.615Z"}, "references": [{"url": "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8"}, {"url": "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw"}, {"name": "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/07/19/5"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/07/19/6"}, {"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/07/20/2"}, {"name": "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/07/20/3"}, {"name": "DSA-5188", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5188"}, {"name": "DSA-5192", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5192"}, {"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"}, {"name": "FEDORA-2022-19b6f21746", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"}, {"name": "FEDORA-2022-ae563934f7", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"}, {"name": "FEDORA-2022-e573851f56", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"}, {"name": "FEDORA-2022-d26586b419", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"}, {"name": "FEDORA-2022-80afe2304a", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"}, {"name": "FEDORA-2022-b76ab52e73", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"}, {"url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"}, {"name": "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/10/18/2"}, {"name": "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html"}, {"name": "DSA-5256", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5256"}, {"name": "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/11/04/8"}, {"name": "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/11/07/2"}, {"url": "https://security.gentoo.org/glsa/202401-25"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "x_generator": {"engine": "Vulnogram 0.0.9"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:16:17.277Z"}, "title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8", "tags": ["x_transferred"]}, {"url": "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw", "tags": ["x_transferred"]}, {"name": "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/07/19/5"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["x_transferred"]}, {"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/07/19/6"}, {"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/07/20/2"}, {"name": "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/07/20/3"}, {"name": "DSA-5188", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5188"}, {"name": "DSA-5192", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5192"}, {"url": "https://security.netapp.com/advisory/ntap-20220729-0009/", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-19b6f21746", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"}, {"name": "FEDORA-2022-ae563934f7", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"}, {"name": "FEDORA-2022-e573851f56", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"}, {"name": "FEDORA-2022-d26586b419", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"}, {"name": "FEDORA-2022-80afe2304a", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"}, {"name": "FEDORA-2022-b76ab52e73", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"}, {"url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html", "tags": ["x_transferred"]}, {"name": "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/10/18/2"}, {"name": "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html"}, {"name": "DSA-5256", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5256"}, {"name": "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/11/04/8"}, {"name": "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/11/07/2"}, {"url": "https://security.gentoo.org/glsa/202401-25", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:xalan-java:*:*:*:*:*:*:*:*", "matchCriteriaId": "E406791B-F9FD-4E3F-831C-296D8F8FF9BE", "versionEndIncluding": "2.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "7D961E24-EA18-4217-B5F5-F847726D84E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "601D92C4-F71F-47E2-9041-5C286D2137F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B18FE85D-C53D-44E9-8992-715820D1264B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:*", "matchCriteriaId": "6E3C0BA3-FCD3-4CB8-B8C7-F931090A7DBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:*", "matchCriteriaId": "EB2A5440-7FA7-4A86-AA19-E2ABBD809B19", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C0485FC-E4B2-464E-8228-1387AC5F353B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7AF3539B-0434-4310-AE88-F46864C7C20F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F5CC9398-71B6-4480-95ED-EDCE838D157E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:*", "matchCriteriaId": "60614E43-090E-44D7-94AD-FFAE38FF111F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:*", "matchCriteriaId": "131E1C9E-721C-4176-B78B-69C01F90A9A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD4BFA12-588A-4D8D-B45F-648A55EC674C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DF70EEA-EC9D-4FFC-B7BE-76F50C34D999", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4EF9CFB1-CEC9-483E-BECF-618190C03944", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD2ADA66-DCD0-4D28-80B2-77A0265CE7B9", "versionEndIncluding": "11.0.15", "versionStartIncluding": "11", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CA6BC07-2BDA-4913-AF2B-FD2146B0E539", "versionEndIncluding": "13.0.11", "versionStartIncluding": "13", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A2E366B-549D-48C5-B3FB-AD0E8C75AE08", "versionEndIncluding": "15.0.7", "versionStartIncluding": "15", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "15FD6A0B-BB1A-4875-926C-AB1B6EC1A053", "versionEndIncluding": "17.0.3", "versionStartIncluding": "17", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*", "matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*", "matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*", "matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*", "matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*", "matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*", "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*", "matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*", "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*", "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*", "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*", "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*", "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*", "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*", "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*", "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*", "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*", "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*", "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*", "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*", "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*", "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*", "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*", "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*", "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*", "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*", "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*", "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*", "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*", "matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*", "matchCriteriaId": "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*", "matchCriteriaId": "56CBFC1F-C120-44F2-877A-C1C880AA89C4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true}, {"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:azul:zulu:6.47:*:*:*:*:*:*:*", "matchCriteriaId": "4E4633C4-E552-439D-8FE4-139E3A7956CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:azul:zulu:7.54:*:*:*:*:*:*:*", "matchCriteriaId": "50C77346-8893-44F0-B0D1-5D4D30A9CA3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:azul:zulu:8.62:*:*:*:*:*:*:*", "matchCriteriaId": "63E58DE0-A96A-452E-986F-3BD2FEA7C723", "vulnerable": true}, {"criteria": "cpe:2.3:a:azul:zulu:11.56:*:*:*:*:*:*:*", "matchCriteriaId": "D3FB1BF4-3FCF-4007-A9E3-97C35483D6A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:azul:zulu:13.48:*:*:*:*:*:*:*", "matchCriteriaId": "BD7A33EC-DE03-424F-9796-E5EA071FF6CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:azul:zulu:15.40:*:*:*:*:*:*:*", "matchCriteriaId": "CCDAFFA9-0AA4-4C70-9154-8DA4BB255FD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*", "matchCriteriaId": "B6302149-28AA-481E-BC6C-87D05E73768A", "vulnerable": true}, {"criteria": "cpe:2.3:a:azul:zulu:18.30:*:*:*:*:*:*:*", "matchCriteriaId": "20DFD9D8-8648-40F7-81B8-04F852A337FA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan."}, {"lang": "es", "value": "La biblioteca Apache Xalan Java XSLT es vulnerable a un problema de truncamiento de enteros cuando procesa hojas de estilo XSLT maliciosas. Esto puede usarse para corromper los archivos de clase Java generados por el compilador interno XSLTC y ejecutar c\u00f3digo de bytes Java arbitrario. El proyecto Apache Xalan Java est\u00e1 inactivo y en proceso de ser retirado. No son esperadas futuras versiones de Apache Xalan Java que abordan este problema. Nota: Los tiempos de ejecuci\u00f3n de Java (como OpenJDK) incluyen copias reempaquetadas de Xalan."}], "id": "CVE-2022-34169", "lastModified": "2024-06-21T19:15:23.263", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-19T18:15:11.740", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/07/19/5"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/07/19/6"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/07/20/2"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/07/20/3"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/10/18/2"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/11/04/8"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/11/07/2"}, {"source": "security@apache.org", "tags": ["Issue Tracking", "Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw"}, {"source": "security@apache.org", "tags": ["Issue Tracking", "Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html"}, {"source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"}, {"source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"}, {"source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"}, {"source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"}, {"source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"}, {"source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"}, {"source": "security@apache.org", "url": "https://security.gentoo.org/glsa/202401-25"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220729-0009/"}, {"source": "security@apache.org", "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5188"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5192"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5256"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-681"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3708", "cpe": "cpe:/a:redhat:apache_camel_spring_boot:3.20.6", "package": "xalan", "product_name": "Red Hat build of Apache Camel 3.20.6 for Spring Boot", "release_date": "2024-06-06T00:00:00Z"}, {"advisory": "RHSA-2022:5755", "cpe": "cpe:/a:redhat:openjdk:11", "package": "Linux", "product_name": "Red Hat Build of OpenJDK 11.0.16", "release_date": "2022-07-28T00:00:00Z"}, {"advisory": "RHSA-2022:5756", "cpe": "cpe:/a:redhat:openjdk:11::windows", "package": "Windows", "product_name": "Red Hat Build of OpenJDK 11.0.16", "release_date": "2022-07-28T00:00:00Z"}, {"advisory": "RHSA-2022:5758", "cpe": "cpe:/a:redhat:openjdk:17", "package": "Linux", "product_name": "Red Hat Build of OpenJDK 17.0.4", "release_date": "2022-07-28T00:00:00Z"}, {"advisory": "RHSA-2022:5757", "cpe": "cpe:/a:redhat:openjdk:17::windows", "package": "Windows", "product_name": "Red Hat Build of OpenJDK 17.0.4", "release_date": "2022-07-28T00:00:00Z"}, {"advisory": "RHSA-2022:5754", "cpe": "cpe:/a:redhat:openjdk:1.8", "package": "Linux", "product_name": "Red Hat Build of OpenJDK 8u342", "release_date": "2022-07-28T00:00:00Z"}, {"advisory": "RHSA-2022:5753", "cpe": "cpe:/a:redhat:openjdk:1.8::windows", "package": "Windows", "product_name": "Red Hat Build of OpenJDK 8u342", "release_date": "2022-07-28T00:00:00Z"}, {"advisory": "RHSA-2022:5687", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "java-11-openjdk-1:11.0.16.0.8-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-07-21T00:00:00Z"}, {"advisory": "RHSA-2022:5698", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "java-1.8.0-openjdk-1:1.8.0.342.b07-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-07-25T00:00:00Z"}, {"advisory": "RHSA-2022:5683", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "java-11-openjdk-1:11.0.16.0.8-1.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-07-21T00:00:00Z"}, {"advisory": "RHSA-2022:5696", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "java-1.8.0-openjdk-1:1.8.0.342.b07-2.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-07-25T00:00:00Z"}, {"advisory": "RHSA-2022:5726", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "java-17-openjdk-1:17.0.4.0.8-2.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-07-26T00:00:00Z"}, {"advisory": "RHSA-2022:5685", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "java-11-openjdk-1:11.0.16.0.8-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-07-21T00:00:00Z"}, {"advisory": "RHSA-2022:5701", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "java-1.8.0-openjdk-1:1.8.0.342.b07-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-07-25T00:00:00Z"}, {"advisory": "RHSA-2022:5684", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "java-11-openjdk-1:11.0.16.0.8-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-07-21T00:00:00Z"}, {"advisory": "RHSA-2022:5700", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "java-1.8.0-openjdk-1:1.8.0.342.b07-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-07-25T00:00:00Z"}, {"advisory": "RHSA-2022:5681", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "java-11-openjdk-1:11.0.16.0.8-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-07-21T00:00:00Z"}, {"advisory": "RHSA-2022:5697", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "java-1.8.0-openjdk-1:1.8.0.342.b07-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-07-25T00:00:00Z"}, {"advisory": "RHSA-2022:5695", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "java-11-openjdk-1:11.0.16.0.8-1.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-07-25T00:00:00Z"}, {"advisory": "RHSA-2022:5709", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "java-1.8.0-openjdk-1:1.8.0.342.b07-1.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-07-25T00:00:00Z"}, {"advisory": "RHSA-2022:5736", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "java-17-openjdk-1:17.0.4.0.8-2.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-07-27T00:00:00Z"}], "bugzilla": {"description": "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)", "id": "2108554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108554"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-192", "details": ["The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan."], "name": "CVE-2022-34169", "package_state": [{"cpe": "cpe:/a:redhat:migration_toolkit_applications:6", "fix_state": "Will not fix", "package_name": "xalan", "product_name": "Migration Toolkit for Applications 6"}, {"cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1", "fix_state": "Not affected", "package_name": "xalan", "product_name": "Migration Toolkit for Runtimes"}, {"cpe": "cpe:/a:redhat:camel_quarkus:3", "fix_state": "Affected", "package_name": "xalan", "product_name": "Red Hat build of Apache Camel for Quarkus"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Affected", "package_name": "xalan", "product_name": "Red Hat build of Apache Camel for Spring Boot"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Affected", "package_name": "xalan", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Affected", "package_name": "xalan", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "xalan", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "java-1.6.0-openjdk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "java-1.7.0-openjdk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "java-1.8.0-openjdk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "java-1.6.0-openjdk", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "java-1.7.0-openjdk", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "java-1.7.1-ibm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "java-1.8.0-ibm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "java-1.8.0-ibm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "xalan", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Affected", "package_name": "xalan", "product_name": "Red Hat JBoss A-MQ 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Will not fix", "package_name": "xalan", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Affected", "package_name": "xalan", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "xalan", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "xalan", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "impact": "moderate", "package_name": "xalan", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "xalan", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "xalan", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Will not fix", "package_name": "xalan", "product_name": "streams for Apache Kafka"}], "public_date": "2022-07-19T20:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-34169\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-34169"], "threat_severity": "Important"}