Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/xalan/xalan@2.7.2
purl pkg:maven/xalan/xalan@2.7.2
Next non-vulnerable version 2.7.3
Latest non-vulnerable version 2.7.3
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-rfs8-njaq-qkc8
Aliases:
CVE-2022-34169
GHSA-9339-86wc-4qgf
Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. A fix for this issue was published in September 2022 as part of an anticipated 2.7.3 release.
2.7.3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-kcrm-j8h2-8qbt The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function. CVE-2014-0107
GHSA-rc2w-r4jq-7pfx

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:05:55.949536+00:00 GitLab Importer Affected by VCID-rfs8-njaq-qkc8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2022-34169.yml 38.4.0
2026-04-16T21:48:23.457043+00:00 GitLab Importer Fixing VCID-kcrm-j8h2-8qbt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2014-0107.yml 38.4.0
2026-04-11T23:21:56.601730+00:00 GitLab Importer Affected by VCID-rfs8-njaq-qkc8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2022-34169.yml 38.3.0
2026-04-11T23:04:17.163249+00:00 GitLab Importer Fixing VCID-kcrm-j8h2-8qbt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2014-0107.yml 38.3.0
2026-04-02T23:28:46.501392+00:00 GitLab Importer Affected by VCID-rfs8-njaq-qkc8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2022-34169.yml 38.1.0
2026-04-02T23:12:38.417046+00:00 GitLab Importer Fixing VCID-kcrm-j8h2-8qbt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2014-0107.yml 38.1.0
2026-04-01T17:50:01.762795+00:00 GitLab Importer Affected by VCID-rfs8-njaq-qkc8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2022-34169.yml 38.0.0
2026-04-01T16:00:52.896861+00:00 GHSA Importer Fixing VCID-kcrm-j8h2-8qbt https://github.com/advisories/GHSA-rc2w-r4jq-7pfx 38.0.0
2026-04-01T13:10:49.704711+00:00 GithubOSV Importer Fixing VCID-kcrm-j8h2-8qbt https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rc2w-r4jq-7pfx/GHSA-rc2w-r4jq-7pfx.json 38.0.0
2026-04-01T12:50:14.035267+00:00 GitLab Importer Fixing VCID-kcrm-j8h2-8qbt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2014-0107.yml 38.0.0