Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2019-10181 - log back

CVE-2019-10181 created at 25 Sep 2019 19:31:40

Severity

+

High

Remote

+

Remote

Type

+	Insufficient validation

Description

+	It was found that executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.

References

+	https://marc.info/?l=oss-security&m=156458681628488
+	https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344/commits/2fd1e4b769911f2c6f7f3902f7ea21568ddc2f99

Notes