Your submission was sent successfully! Close

CVE-2019-10181

Published: 31 July 2019

It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.

Priority

Medium

CVSS 3 base score: 8.1

Status

Package Release Status
icedtea-web
Launchpad, Ubuntu, Debian
bionic Needed

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needed

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needed

jammy Needed

precise Does not exist

trusty Does not exist

upstream
Released (1.5.3-1+deb8u1, 1.8.3-1)
xenial Ignored
(end of standard support, was needed)