CVSSv3 9.8

CVE-2019-11068

Published: 10/04/2019 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

libxslt up to and including 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

Vulnerable Products

xmlsoft libxslt
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
canonical ubuntu linux 12.04
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10
debian debian linux 8.0
fedoraproject fedora 29
fedoraproject fedora 30
oracle jdk 8.0
netapp cloud backup -
netapp element software -
netapp steelstore cloud integrated storage -
netapp snapmanager -
netapp oncommand workflow automation -
netapp oncommand insight -
netapp e-series santricity web services proxy -
netapp e-series santricity storage manager -
netapp e-series santricity unified manager -
netapp solidfire -
netapp hci management node -
netapp active iq unified manager -
netapp santricity unified manager -
netapp e-series santricity management plug-ins -
netapp plug-in for symantec netbackup -
netapp e-series santricity os controller
opensuse leap 42.3
opensuse leap 15.0
opensuse leap 15.1

Vendor Advisories

Debian Bug report logs - #926895 libxslt: CVE-2019-11068 Package: src:libxslt; Maintainer for src:libxslt is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 11 Apr 2019 20:48:05 UTC Severity: important Tags: security, upstream Fou ...
Libxslt could be made to expose sensitive information if it received a specially crafted file ...
Synopsis Moderate: libxslt security update Type/Severity Security Advisory: Moderate Topic An update for libxslt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis Moderate: libxslt security update Type/Severity Security Advisory: Moderate Topic An update for libxslt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis Low: OpenShift Container Platform 4.3.40 security and bug fix update Type/Severity Security Advisory: Low Topic An update is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring S ...
Synopsis Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container ...
Synopsis Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update Type/Severity Security Advisory: Moderate Topic Updated images are now available for Red Hat OpenShift Container Storage 4.6.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as ha ...
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded (CVE-2019-11068). In xsltCopyText in transform.c in libxslt 1.1.33, a pointer vari ...
libxslt allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded (CVE-2019-11068) ...

Github Repositories

Reproduction recipe for a problem with Bundler

Describe the problem as clearly as you can: I wanted to upgrade a specific gem in our repository (activerecord-postgis-adapter). This is the entire diff: diff --git a/Gemfile b/Gemfile index 27df2168388edf2f4f5c 100644 --- a/Gemfile +++ b/Gemfile @@ -7,7 +7,7 @@ ruby "273" gem "actionpack-action_caching", git: "githubcom/rails/actionpack-ac