{"id":"JLSEC-2026-577","details":"libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.","modified":"2026-06-08T13:30:04.038168123Z","published":"2026-06-08T13:15:35.983Z","upstream":["CVE-2019-11068"],"database_specific":{"sources":[{"database_specific":{"status":"Modified"},"imported":"2026-06-07T01:46:46.531Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-11068","id":"CVE-2019-11068","modified":"2026-05-28T19:16:28.143Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11068","published":"2019-04-10T20:29:01.147Z"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/04/22/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/04/22/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/04/23/5"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/04/23/5"},{"type":"WEB","url":"https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"},{"type":"WEB","url":"https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20191017-0001/"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20191017-0001/"},{"type":"WEB","url":"https://usn.ubuntu.com/3947-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/3947-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/3947-2/"},{"type":"WEB","url":"https://usn.ubuntu.com/3947-2/"},{"type":"WEB","url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"type":"WEB","url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}],"affected":[{"package":{"name":"XSLT_jll","ecosystem":"Julia","purl":"pkg:julia/XSLT_jll?uuid=aed1982a-8fda-507f-9586-7b0439959a61"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.1.34+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-577.json"}}],"schema_version":"1.7.5"}