It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2019-07-31T21:56:11

Updated: 2021-07-24T04:06:32

Reserved: 2019-03-27T00:00:00


Link: CVE-2019-10181

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2019-07-31T23:15:10.777

Modified: 2023-02-12T23:33:23.527


Link: CVE-2019-10181

JSON object: View

cve-icon Redhat Information

No data.

CWE