PT-2022-3956 · Apache · Apache Xalan Java XSLT Library
Felix Wilhelm · Published 2022-07-04 · Updated 2026-05-08 · CVE-2022-34169
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Apache Xalan Java XSLT library versions prior to 2.7.3
Description
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Note that Java runtimes, such as OpenJDK, include repackaged copies of Xalan.
Recommendations
To resolve the issue, update to version 2.7.3 or later.
As a temporary workaround, consider restricting the processing of untrusted XSLT stylesheets until the update is applied.
Affected Products
ALT Linux
AlmaLinux
Apache Xalan Java XSLT Library
Astra Linux
CentOS
Java Platform
Jira
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu