AVG-1017 log
| Package | icedtea-web |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 1.7-1 |
| Fixed | 1.8.3-1 |
| Current | 1.8.8-1 [extra] |
| Ticket | None |
| Created | Fri Aug 2 13:45:31 2019 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2019-10185 | High | Yes | Directory traversal | It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to... |
| CVE-2019-10182 | High | Yes | Directory traversal | It was found that icedtea-web did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially... |
| CVE-2019-10181 | High | Yes | Insufficient validation | It was found that executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject... |