CVE-2019-10182 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Directory traversal
Description	It was found that icedtea-web did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1017	icedtea-web	1.7-1	1.8.3-1	High	Fixed

References
https://marc.info/?l=oss-security&m=156458681628488 https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344/commits/2fd1e4b769911f2c6f7f3902f7ea21568ddc2f99 https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344/commits/e0818f521a0711aeec4b913b49b5fc6a52815662 https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344/commits/2ab070cdac087bd208f64fa8138bb709f8d7680c

References

https://marc.info/?l=oss-security&m=156458681628488
https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344/commits/2fd1e4b769911f2c6f7f3902f7ea21568ddc2f99
https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344/commits/e0818f521a0711aeec4b913b49b5fc6a52815662
https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344/commits/2ab070cdac087bd208f64fa8138bb709f8d7680c