Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
icedtea-web 代码注入漏洞
Vulnerability Description
icedtea-web是一款JSR-56(Java网络启动协议和API)的开源实现。 icedtea-web 1.7.2及之前版本和1.8.2及之前版本中存在代码注入漏洞,该漏洞源于程序没有正确过滤来自<jar/>元素的路径。攻击者可通过诱使用户运行特制的应用程序利用该漏洞向任意地址上传任意文件。
CVSS Information
N/A
Vulnerability Type
N/A