CVE-2019-11068
Severity
9.8CRITICAL
EPSS
1.1%
top 21.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 10
Latest updateMay 13
Description
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages6 packages
Also affects: Debian Linux 8.0, Fedora 29, 30, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10
Patches
🔴Vulnerability Details
4📋Vendor Advisories
4💬Community
3Bugzilla▶
CVE-2019-11068 libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL↗2019-05-14
Bugzilla▶
CVE-2019-11068 mingw-libxslt: libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL [fedora-all]↗2019-05-14
Bugzilla▶
CVE-2019-11068 libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL [fedora-all]↗2019-05-14