CVE-2019-11068: libxslt: bypass of protection mechanism
CVSSv2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Description:
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-11068
https://access.redhat.com/errata/RHSA-2020:4005
https://lists.centos.org/pipermail/centos-cr-announce/2020-October/012768.html
Required package version:
libxslt-1.1.28-6.el7.src.rpm
Packages:
libxslt
Found during November 2020 StarlingX CVE Scan
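
The caller pattern named in the description, shown as an added example (not libxslt source): a tri-state check whose -1 result is treated as permission by one caller and as denial by a hardened one. The function names, the policy path and the parse-failure condition (a space in the URL) are constructed assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a tri-state check like xsltCheckRead:
 * 1 = allowed, 0 = forbidden, -1 = the check itself failed. */
static int check_read(const char *url)
{
    /* Constructed failure condition: this toy parser gives up on spaces. */
    if (url == NULL || strchr(url, ' ') != NULL)
        return -1;
    /* Constructed policy: only the file:///srv/xsl/ tree may be read. */
    if (strncmp(url, "file:///srv/xsl/", 16) == 0)
        return 1;
    return 0;
}

/* Fail-open caller: only an explicit 0 blocks the load, so -1 falls through. */
static int load_fail_open(const char *url)
{
    int res = check_read(url);
    if (res == 0)
        return 0;   /* denied */
    return 1;       /* the document would be loaded */
}

/* Fail-closed caller: anything other than "allowed" is a denial. */
static int load_fail_closed(const char *url)
{
    int res = check_read(url);
    if (res <= 0)
        return 0;   /* denied, including when the check errored */
    return 1;
}

int main(void)
{
    const char *samples[] = {           /* constructed inputs */
        "file:///srv/xsl/ok.xsl",       /* inside the allowed tree */
        "file:///private/secret.xml",   /* outside: check returns 0 */
        "file:///private/ secret.xml",  /* outside, and check returns -1 */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-30s check=%2d fail-open=%d fail-closed=%d\n", samples[i],
               check_read(samples[i]), load_fail_open(samples[i]),
               load_fail_closed(samples[i]));
    return 0;
}
```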