CVE-2019-10181

Source
Severity High
Remote Yes
Type Insufficient validation
Description
It was found that executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.
Group Package Affected Fixed Severity Status Ticket
AVG-1017 icedtea-web 1.7-1 High Vulnerable
References
https://marc.info/?l=oss-security&m=156458681628488
https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344/commits/2fd1e4b769911f2c6f7f3902f7ea21568ddc2f99