{"id":"CVE-2019-10181","details":"It was found that in icedtea-web versions up to and including 1.7.2 and 1.8.2, executable code could be injected into a JAR file without causing its signature verification to fail. An attacker could use this flaw to inject code into a trusted JAR. The injected code would be executed inside the sandbox.","modified":"2026-04-16T04:30:23.054472815Z","published":"2019-07-31T23:15:10.777Z","related":["SUSE-SU-2019:2033-1","SUSE-SU-2022:1259-1","openSUSE-SU-2019:1911-1","openSUSE-SU-2024:10855-1"],"references":[{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Oct/5"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html"},{"type":"ADVISORY","url":"https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10181"},{"type":"FIX","url":"https://security.gentoo.org/glsa/202107-51"},{"type":"FIX","url":"https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/adoptopenjdk/icedtea-web","events":[{"introduced":"0"},{"last_affected":"9dafc9fb6d388d86862733cf3a008b29fd2204f6"},{"introduced":"0"},{"last_affected":"6f71f3b56240cfac7f024b582b5f4565906ef38e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.7.2"},{"introduced":"0"},{"last_affected":"1.8.2"}]}}],"versions":["icedtea-web-1.0-branchpoint","icedtea-web-1.1-branchpoint","icedtea-web-1.2-branchpoint","icedtea-web-1.4-branchpoint","icedtea-web-1.5-branchpoint","icedtea-web-1.6-branchpoint","icedtea-web-1.7","icedtea-web-1.7-branchpoint","icedtea-web-1.7.1","icedtea-web-1.7.2","icedtea-web-1.8-branchpoint","icedtea-web-1.8.1","icedtea-web-1.8.1pre","icedtea-web-1.8.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10181.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}