CVE-2019-10182

Published: 31 July 2019

It was found that icedtea-web through 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package: icedtea-web (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Needed
disco      Ignored (reached end-of-life)
eoan       Ignored (reached end-of-life)
focal      Needed
groovy     Ignored (reached end-of-life)
hirsute    Ignored (reached end-of-life)
impish     Needed
jammy      Needed
precise    Does not exist
trusty     Does not exist
upstream   Released (1.5.3-1+deb8u1, 1.8.3-1)
xenial     Ignored (end of standard support, was needed)