Your submission was sent successfully! Close

CVE-2019-10181

Published: 31 July 2019

It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.

Priority

Medium

CVSS 3 base score: 8.1

Status

Package Release Status
icedtea-web
Launchpad, Ubuntu, Debian
Upstream
Released (1.5.3-1+deb8u1, 1.8.3-1)
Ubuntu 21.10 (Impish Indri) Needed

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist