Apache Xalan Java XSLT library integer truncation vulnerability (CVE-2022-34169) (4371508)

立即与支持人员聊天

反馈已提交

本文是否解决了您的问题？

选择评级

标题

Apache Xalan Java XSLT library integer truncation vulnerability (CVE-2022-34169)
说明

A security scan identified the following vulnerability for Apache Xalan Java XSLT library in the Foglight installation:

CVE-2022-34169
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
原因

The file flagged with this vulnerability is:

[FMS_HOME]/server/core/xalan.jar

This file does contain Apache Xalan Java XSLT library version 2.7.2, which is referenced in the vulnerability report for CVE-2022-34169 .
解决办法

Foglight has removed this dependency in Foglight version 6.3.0 already available for download from the Support Portal .

反馈已提交

本文是否解决了您的问题？

选择评级

建议的内容

产品：: Foglight
6.1.0, 6.0.0, 5.9.8, 5.9.7; Foglight Evolve
6.1.0, 6.0.0, 9.3; Foglight for Databases
6.1.0, 6.0.0, 5.9.7

标题