Search for packages
Package details: pkg:maven/xalan/xalan@2.5.0
purl pkg:maven/xalan/xalan@2.5.0
Next non-vulnerable version 2.7.3
Latest non-vulnerable version 2.7.3
Risk 4.5
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-1psf-36k5-aaaa
Aliases:
CVE-2014-0107
GHSA-rc2w-r4jq-7pfx
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
2.7.2
Affected by 1 other vulnerability.
VCID-738u-1m1q-aaaa
Aliases:
CVE-2022-34169
GHSA-9339-86wc-4qgf
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
2.7.3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T16:00:08.385217+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa None 36.1.3
2025-06-20T16:00:08.333954+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2022-34169.yml 36.1.3
2025-06-20T15:40:57.692444+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa None 36.1.3
2025-06-20T15:40:03.509189+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2014-0107.yml 36.1.3
2025-06-03T22:40:36.007240+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa None 36.1.0
2025-06-03T22:40:35.961408+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2022-34169.yml 36.1.0
2025-06-03T22:21:13.905553+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa None 36.1.0
2025-06-03T22:20:19.543824+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2014-0107.yml 36.1.0
2025-06-02T22:29:21.914631+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa None 36.1.2
2025-06-02T22:29:21.869933+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2022-34169.yml 36.1.2
2025-06-02T22:10:06.447891+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa None 36.1.2
2025-06-02T22:09:07.495575+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2014-0107.yml 36.1.2
2025-04-03T20:09:55.121811+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa None 36.0.0
2025-04-03T20:09:54.995841+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2022-34169.yml 36.0.0
2025-04-03T19:38:31.775053+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa None 36.0.0
2025-04-03T19:37:48.504440+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2014-0107.yml 36.0.0
2025-02-18T07:19:04.751198+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa None 35.1.0
2025-02-18T07:19:04.601725+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2014-0107.yml 35.1.0
2025-02-18T05:44:58.466428+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa None 35.1.0
2025-02-18T05:44:58.237652+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2022-34169.yml 35.1.0
2024-11-21T02:57:38.127999+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2014-0107.yml 35.0.0
2024-11-21T02:09:53.670417+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2022-34169.yml 35.0.0
2024-11-19T02:47:35.804780+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2014-0107.yml 34.3.2
2024-11-19T01:53:03.989285+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2022-34169.yml 34.3.2
2024-10-08T03:22:52.055001+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2014-0107.yml 34.0.2
2024-10-08T02:26:48.409301+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2022-34169.yml 34.0.2
2024-10-07T20:37:54.773094+00:00 GHSA Importer Affected by VCID-738u-1m1q-aaaa https://github.com/advisories/GHSA-9339-86wc-4qgf 34.0.2
2024-10-07T16:46:33.874649+00:00 GHSA Importer Affected by VCID-1psf-36k5-aaaa https://github.com/advisories/GHSA-rc2w-r4jq-7pfx 34.0.2
2024-09-23T03:12:12.490441+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2014-0107.yml 34.0.1
2024-09-23T02:25:02.531361+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2022-34169.yml 34.0.1
2024-09-22T21:17:21.597409+00:00 GHSA Importer Affected by VCID-738u-1m1q-aaaa https://github.com/advisories/GHSA-9339-86wc-4qgf 34.0.1
2024-09-22T17:10:29.177267+00:00 GHSA Importer Affected by VCID-1psf-36k5-aaaa https://github.com/advisories/GHSA-rc2w-r4jq-7pfx 34.0.1
2024-04-24T05:54:34.904845+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa None 34.0.0rc4
2024-04-24T05:54:34.711551+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2014-0107.yml 34.0.0rc4
2024-04-24T04:53:49.202445+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa None 34.0.0rc4
2024-04-24T04:53:49.045320+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2022-34169.yml 34.0.0rc4
2024-04-23T23:13:53.689675+00:00 GHSA Importer Affected by VCID-738u-1m1q-aaaa https://github.com/advisories/GHSA-9339-86wc-4qgf 34.0.0rc4
2024-04-23T23:13:53.151039+00:00 GHSA Importer Affected by VCID-738u-1m1q-aaaa None 34.0.0rc4
2024-04-23T18:00:31.378705+00:00 GHSA Importer Affected by VCID-1psf-36k5-aaaa None 34.0.0rc4
2024-04-23T18:00:31.187283+00:00 GHSA Importer Affected by VCID-1psf-36k5-aaaa https://github.com/advisories/GHSA-rc2w-r4jq-7pfx 34.0.0rc4
2024-01-10T08:25:40.919781+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa None 34.0.0rc2
2024-01-10T08:25:40.669957+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2014-0107.yml 34.0.0rc2
2024-01-10T07:27:28.211264+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa None 34.0.0rc2
2024-01-10T07:27:28.058432+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2022-34169.yml 34.0.0rc2
2024-01-10T01:09:55.277435+00:00 GHSA Importer Affected by VCID-738u-1m1q-aaaa https://github.com/advisories/GHSA-9339-86wc-4qgf 34.0.0rc2
2024-01-10T01:09:54.755241+00:00 GHSA Importer Affected by VCID-738u-1m1q-aaaa None 34.0.0rc2
2024-01-09T19:56:46.876501+00:00 GHSA Importer Affected by VCID-1psf-36k5-aaaa None 34.0.0rc2
2024-01-09T19:56:46.685467+00:00 GHSA Importer Affected by VCID-1psf-36k5-aaaa https://github.com/advisories/GHSA-rc2w-r4jq-7pfx 34.0.0rc2
2024-01-04T01:10:48.220493+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa None 34.0.0rc1
2024-01-04T01:10:48.024127+00:00 GitLab Importer Affected by VCID-1psf-36k5-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2014-0107.yml 34.0.0rc1
2024-01-04T00:13:05.268394+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa None 34.0.0rc1
2024-01-04T00:13:05.106139+00:00 GitLab Importer Affected by VCID-738u-1m1q-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xalan/xalan/CVE-2022-34169.yml 34.0.0rc1
2024-01-03T15:25:31.707665+00:00 GHSA Importer Affected by VCID-1psf-36k5-aaaa None 34.0.0rc1