---

CVE-2017-10096 - log back

CVE-2017-10096 created at 25 Sep 2019 19:31:40
Severity	+ Critical
Remote	+ Remote
Type	+ Access restriction bypass
Description	+ It was discovered that the implementation of the TransformerException class in the JAXP component of OpenJDK failed to properly perform access control checks, related to handling of the DTM exceptions. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
References	+ http://hg.openjdk.java.net/jdk8u/jdk8u/jaxp/rev/510b8c8dfdd6
Notes