CVE-2022-34169

ADVISORY - github

Summary

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.

A fix for this issue was published in September 2022 as part of an anticipated 2.7.3 release.

EPSS Score⁠: 0.1168 (0.934)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-681⁠

Incorrect Conversion between Numeric Types

ADVISORY - github

CWE-681⁠

Incorrect Conversion between Numeric Types

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-78⁠

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-192⁠

Integer Coercion Error

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.