---

CVE-2019-10182 - log back

CVE-2019-10182 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Remote
Type	+ Directory traversal
Description	+ It was found that icedtea-web did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.
References	+ https://marc.info/?l=oss-security&m=156458681628488 + https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344/commits/2fd1e4b769911f2c6f7f3902f7ea21568ddc2f99 + https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344/commits/e0818f521a0711aeec4b913b49b5fc6a52815662 + https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344/commits/2ab070cdac087bd208f64fa8138bb709f8d7680c
Notes