The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-07-12T12:13:51.884Z

Updated: 2024-08-02T03:37:05.178Z

Reserved: 2024-05-30T12:02:13.706Z

Link: CVE-2024-36522

cve-icon Vulnrichment

Updated: 2024-07-12T17:05:28.361Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-12T13:15:11.867

Modified: 2024-11-21T09:22:19.577

Link: CVE-2024-36522

cve-icon Redhat

No data.