It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
icedtea-web project icedtea-web |
||
icedtea-web project icedtea-web 1.8.2 |
||
debian debian linux 8.0 |
||
opensuse leap 15.0 |