Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2019-10182  

It was found that icedtea-web did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.

Source
Severity High

Remote Yes

Type Directory traversal

Description 

It was found that icedtea-web did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.

AVG-1017 icedtea-web 1.7-1 High Vulnerable 

https://marc.info/?l=oss-security&m=156458681628488
https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344/commits/2fd1e4b769911f2c6f7f3902f7ea21568ddc2f99
https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344/commits/e0818f521a0711aeec4b913b49b5fc6a52815662
https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344/commits/2ab070cdac087bd208f64fa8138bb709f8d7680c

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started