CVE-2019-11068
published 2019-04-10
critical 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxslt | < libxslt 1.1.32-2.1 (bookworm) | libxslt 1.1.32-2.1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| netapp | e-series_santricity_os_controller | 11.0 – 11.70.2 | — |
| nokogiri | nokogiri | >= 0 < 1.10.3 | 1.10.3 |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| oracle | jdk | — | — |
| xmlsoft | libxslt | <= 1.1.33 | — |
| xmlsoft | libxslt | >= 0 < 1.1.32-2.1 | 1.1.32-2.1 |
| xmlsoft | libxslt | >= 0 < 1.1.32-2.1 | 1.1.32-2.1 |
| xmlsoft | libxslt | >= 0 < 1.1.32-2.1 | 1.1.32-2.1 |
| xmlsoft | libxslt | >= 0 < 1.1.32-2.1 | 1.1.32-2.1 |
CVSS provenance
nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL