Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Aleksey XML Security Library XSLT文件访问漏洞
Vulnerability Description
XML Security Library是一个基于LibXML2 开发的用来处理XML安全标准的C库。 当XSLT启用时,在WebKit和其他产品中使用的XML Security Library(又名xmlsec)1.2.17之前版本中的xslt.c中存在权限许可和访问控制漏洞。远程攻击者可以借助与签名验证过程中的libxslt输出扩展和ds:Transform元素有关的向量,创建或者覆盖任意文件。
CVSS Information
N/A
Vulnerability Type
N/A