Search for packages
| purl | pkg:deb/debian/libxalan2-java@2.7.1-7%2Bdeb7u1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1psf-36k5-aaaa
Aliases: CVE-2014-0107 GHSA-rc2w-r4jq-7pfx |
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1psf-36k5-aaaa | The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function. |
CVE-2014-0107
GHSA-rc2w-r4jq-7pfx |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T13:59:48.544490+00:00 | Debian Oval Importer | Affected by | VCID-1psf-36k5-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T09:01:33.034943+00:00 | Debian Oval Importer | Fixing | VCID-1psf-36k5-aaaa | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
| 2025-06-21T01:12:40.067657+00:00 | Debian Oval Importer | Affected by | VCID-1psf-36k5-aaaa | None | 36.1.3 |
| 2025-06-20T19:33:10.295135+00:00 | Debian Oval Importer | Fixing | VCID-1psf-36k5-aaaa | None | 36.1.3 |
| 2025-06-08T13:11:04.996255+00:00 | Debian Oval Importer | Affected by | VCID-1psf-36k5-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T06:53:56.642118+00:00 | Debian Oval Importer | Affected by | VCID-1psf-36k5-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T02:48:25.399702+00:00 | Debian Oval Importer | Fixing | VCID-1psf-36k5-aaaa | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
| 2025-06-07T18:35:19.818858+00:00 | Debian Oval Importer | Affected by | VCID-1psf-36k5-aaaa | None | 36.1.0 |
| 2025-06-07T13:29:04.052753+00:00 | Debian Oval Importer | Fixing | VCID-1psf-36k5-aaaa | None | 36.1.0 |
| 2025-04-12T18:58:48.469257+00:00 | Debian Oval Importer | Affected by | VCID-1psf-36k5-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T05:26:25.171277+00:00 | Debian Oval Importer | Affected by | VCID-1psf-36k5-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T01:15:36.197874+00:00 | Debian Oval Importer | Fixing | VCID-1psf-36k5-aaaa | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
| 2025-04-07T17:13:04.645556+00:00 | Debian Oval Importer | Affected by | VCID-1psf-36k5-aaaa | None | 36.0.0 |
| 2025-04-07T12:04:33.235001+00:00 | Debian Oval Importer | Fixing | VCID-1psf-36k5-aaaa | None | 36.0.0 |