libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10/04/2019
by Oracle
2 months ago
by Netapp
2 months ago
by Netapp
5 months ago
by Netapp
5 months ago
by Netapp
a year ago
by Netapp
a year ago
by Netapp
a year ago
by Netapp
a year ago
by Netapp
a year ago
by Netapp
2 years ago
by Debian
a month ago
by Fedoraproject
a month ago
by Canonical
3 months ago
by Opensuse
6 months ago