CVE-2014-0107P3HIGHCVSS 7.5fixed in libxalan2-java 2.7.1-9 (bookworm)2014
CVE-2014-0107 [HIGH] CVE-2014-0107: libxalan2-java - The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restr...
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (
debian