CVE-2022-34169 (GCVE-0-2022-34169)

Vulnerability from cvelistv5 – Published: 2022-07-19 00:00 – Updated: 2026-05-27 12:51
VLAI
Title
Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
Summary
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
Severity
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • integer truncation
  • CWE-681 - Incorrect Conversion between Numeric Types
Assigner
References
URL Tags
https://lists.apache.org/thread/2qvl7r43wb4t8p9dd…
https://lists.apache.org/thread/12pxy4phsry6c34x2…
http://www.openwall.com/lists/oss-security/2022/07/19/5 mailing-list
https://www.oracle.com/security-alerts/cpujul2022.html
http://www.openwall.com/lists/oss-security/2022/07/19/6 mailing-list
http://www.openwall.com/lists/oss-security/2022/07/20/2 mailing-list
http://www.openwall.com/lists/oss-security/2022/07/20/3 mailing-list
https://www.debian.org/security/2022/dsa-5188 vendor-advisory
https://www.debian.org/security/2022/dsa-5192 vendor-advisory
https://security.netapp.com/advisory/ntap-2022072…
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
http://packetstormsecurity.com/files/168186/Xalan…
http://www.openwall.com/lists/oss-security/2022/10/18/2 mailing-list
https://lists.debian.org/debian-lts-announce/2022… mailing-list
https://www.debian.org/security/2022/dsa-5256 vendor-advisory
http://www.openwall.com/lists/oss-security/2022/11/04/8 mailing-list
http://www.openwall.com/lists/oss-security/2022/11/07/2 mailing-list
https://security.gentoo.org/glsa/202401-25
https://security.netapp.com/advisory/ntap-2024062…
Impacted products
Vendor Product Version
Apache Software Foundation Apache Xalan-J Affected: Xalan-J , ≤ 2.7.2 (custom)
Create a notification for this product.
Credits
Reported by Felix Wilhelm, Google Project Zero
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:16:17.277Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw"
          },
          {
            "name": "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/07/19/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/07/19/6"
          },
          {
            "name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/07/20/2"
          },
          {
            "name": "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/07/20/3"
          },
          {
            "name": "DSA-5188",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5188"
          },
          {
            "name": "DSA-5192",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5192"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
          },
          {
            "name": "FEDORA-2022-19b6f21746",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
          },
          {
            "name": "FEDORA-2022-ae563934f7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
          },
          {
            "name": "FEDORA-2022-e573851f56",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
          },
          {
            "name": "FEDORA-2022-d26586b419",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
          },
          {
            "name": "FEDORA-2022-80afe2304a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
          },
          {
            "name": "FEDORA-2022-b76ab52e73",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"
          },
          {
            "name": "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/10/18/2"
          },
          {
            "name": "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html"
          },
          {
            "name": "DSA-5256",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5256"
          },
          {
            "name": "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/04/8"
          },
          {
            "name": "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/07/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-25"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-34169",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-20T16:24:49.067251Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-681",
                "description": "CWE-681 Incorrect Conversion between Numeric Types",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T12:51:15.955Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Xalan-J",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.7.2",
              "status": "affected",
              "version": "Xalan-J",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by Felix Wilhelm, Google Project Zero"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "integer truncation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:07:47.103Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "url": "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8"
        },
        {
          "url": "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw"
        },
        {
          "name": "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/07/19/5"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/07/19/6"
        },
        {
          "name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/07/20/2"
        },
        {
          "name": "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/07/20/3"
        },
        {
          "name": "DSA-5188",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5188"
        },
        {
          "name": "DSA-5192",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5192"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
        },
        {
          "name": "FEDORA-2022-19b6f21746",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
        },
        {
          "name": "FEDORA-2022-ae563934f7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
        },
        {
          "name": "FEDORA-2022-e573851f56",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
        },
        {
          "name": "FEDORA-2022-d26586b419",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
        },
        {
          "name": "FEDORA-2022-80afe2304a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
        },
        {
          "name": "FEDORA-2022-b76ab52e73",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
        },
        {
          "url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"
        },
        {
          "name": "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/10/18/2"
        },
        {
          "name": "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html"
        },
        {
          "name": "DSA-5256",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5256"
        },
        {
          "name": "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/04/8"
        },
        {
          "name": "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/07/2"
        },
        {
          "url": "https://security.gentoo.org/glsa/202401-25"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-34169",
    "datePublished": "2022-07-19T00:00:00.000Z",
    "dateReserved": "2022-06-21T00:00:00.000Z",
    "dateUpdated": "2026-05-27T12:51:15.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-34169",
      "date": "2026-06-28",
      "epss": "0.17673",
      "percentile": "0.96775"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:xalan-java:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.7.2\", \"matchCriteriaId\": \"E406791B-F9FD-4E3F-831C-296D8F8FF9BE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"7D961E24-EA18-4217-B5F5-F847726D84E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"601D92C4-F71F-47E2-9041-5C286D2137F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"B18FE85D-C53D-44E9-8992-715820D1264B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E3C0BA3-FCD3-4CB8-B8C7-F931090A7DBE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB2A5440-7FA7-4A86-AA19-E2ABBD809B19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C0485FC-E4B2-464E-8228-1387AC5F353B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AF3539B-0434-4310-AE88-F46864C7C20F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5CC9398-71B6-4480-95ED-EDCE838D157E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:*\", \"matchCriteriaId\": \"60614E43-090E-44D7-94AD-FFAE38FF111F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:*\", \"matchCriteriaId\": \"131E1C9E-721C-4176-B78B-69C01F90A9A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD4BFA12-588A-4D8D-B45F-648A55EC674C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DF70EEA-EC9D-4FFC-B7BE-76F50C34D999\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EF9CFB1-CEC9-483E-BECF-618190C03944\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11\", \"versionEndIncluding\": \"11.0.15\", \"matchCriteriaId\": \"DD2ADA66-DCD0-4D28-80B2-77A0265CE7B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13\", \"versionEndIncluding\": \"13.0.11\", \"matchCriteriaId\": \"8CA6BC07-2BDA-4913-AF2B-FD2146B0E539\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15\", \"versionEndIncluding\": \"15.0.7\", \"matchCriteriaId\": \"5A2E366B-549D-48C5-B3FB-AD0E8C75AE08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17\", \"versionEndIncluding\": \"17.0.3\", \"matchCriteriaId\": \"15FD6A0B-BB1A-4875-926C-AB1B6EC1A053\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*\", \"matchCriteriaId\": \"02011EDC-20A7-4A16-A592-7C76E0037997\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC6D4652-1226-4C60-BEDF-01EBF8AC0849\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C1F9ED7-7D93-41F4-9130-15BA734420AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CF9CDF1-95D3-4125-A73F-396D2280FC4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*\", \"matchCriteriaId\": \"A13266DC-F8D9-4F30-987F-65BBEAF8D3A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*\", \"matchCriteriaId\": \"C28388AB-CFC9-4749-A90F-383F5B905EA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA1B00F9-A81C-48B7-8DAA-F394DDF323F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA7AD457-6CE6-4925-8D94-A907B40233D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*\", \"matchCriteriaId\": \"5480E5AD-DB46-474A-9B57-84ED088A75FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*\", \"matchCriteriaId\": \"881A4AE9-6012-4E91-98BE-0A352CC20703\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E1E1079-57D9-473B-A017-964F4745F329\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8D6446E-2915-4F12-87BE-E7420BC2626E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*\", \"matchCriteriaId\": \"564EDCE3-16E6-401D-8A43-032D1F8875E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*\", \"matchCriteriaId\": \"08278802-D31B-488A-BA6A-EBC816DF883A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*\", \"matchCriteriaId\": \"72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BBB0969-565E-43E2-B067-A10AAA5F1958\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*\", \"matchCriteriaId\": \"D78BE95D-6270-469A-8035-FCDDB398F952\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*\", \"matchCriteriaId\": \"88C24F40-3150-4584-93D9-8307DE04EEE9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*\", \"matchCriteriaId\": \"19626B36-62FC-4497-A2E1-7D6CD9839B19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*\", \"matchCriteriaId\": \"5713AEBD-35F6-44E8-A0CC-A42830D7AE20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BE0C04B-440E-4B35-ACC8-6264514F764C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*\", \"matchCriteriaId\": \"555EC2A6-0475-48ED-AE0C-B306714A9333\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*\", \"matchCriteriaId\": \"02C55E2E-AEDE-455C-B128-168C918B5D97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*\", \"matchCriteriaId\": \"81831D37-6597-441B-87DE-38F7191BEA42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEA1594D-0AB5-436D-9E60-C26EE2175753\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*\", \"matchCriteriaId\": \"B868FA41-C71B-491C-880B-484740B30C72\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C242D3BE-9114-4A9E-BB78-45754C7CC450\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*\", \"matchCriteriaId\": \"95954182-9541-4181-9647-B17FA5A79F9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F6F0137-F91F-4028-BED2-C29640D52C23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAFB6B15-4AE6-47FC-8847-9DFADB7AE253\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*\", \"matchCriteriaId\": \"D61068FE-18EE-4ADB-BC69-A3ECE8724575\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFB59E80-4EC4-4399-BF40-6733E4E475A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*\", \"matchCriteriaId\": \"84E31265-22E1-4E91-BFCB-D2AFF445926A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*\", \"matchCriteriaId\": \"50319E52-8739-47C5-B61E-3CA9B6A9A48F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*\", \"matchCriteriaId\": \"7ED515B9-DC74-4DC5-B98A-08D87D85E11E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D1D4868-1F9F-43F7-968C-6469B67D3F1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*\", \"matchCriteriaId\": \"568F1AC4-B0D7-4438-82E5-0E61500F2240\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*\", \"matchCriteriaId\": \"14E9133E-9FF3-40DB-9A11-7469EF5FD265\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*\", \"matchCriteriaId\": \"94834710-3FA9-49D9-8600-B514CBCA4270\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*\", \"matchCriteriaId\": \"4228D9E1-7D82-4B49-9669-9CDAD7187432\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6231F48-2936-4F7D-96D5-4BA11F78EBE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*\", \"matchCriteriaId\": \"D96D5061-4A81-497E-9AD6-A8381B3B454C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*\", \"matchCriteriaId\": \"5345C21E-A01B-43B9-9A20-F2783D921C60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*\", \"matchCriteriaId\": \"B219F360-83BD-4111-AB59-C9D4F55AF4C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*\", \"matchCriteriaId\": \"D25377EA-8E8F-4C76-8EA9-3BBDFB352815\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*\", \"matchCriteriaId\": \"59FEFE05-269A-4EAF-A80F-E4C2107B1197\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7E2AA7C-F602-4DB7-9EC1-0708C46C253C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB70E154-A304-429E-80F5-8D87B00E32D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"70892D06-6E75-4425-BBF0-4B684EC62A1C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*\", \"matchCriteriaId\": \"7417B2BB-9AC2-4AF4-A828-C89A0735AD92\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A0A57B5-6F88-4288-9CDE-F6613FE068D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*\", \"matchCriteriaId\": \"67ED8559-C348-4932-B7CE-CB96976A30EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*\", \"matchCriteriaId\": \"40AC3D91-263F-4345-9FAA-0E573EA64590\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD92AFA9-81F8-48D4-B79A-E7F066F69A99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C4B2F24-A730-4818-90C8-A2D90C081F03\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*\", \"matchCriteriaId\": \"464087F2-C285-4574-957E-CE0663F07DE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E9BB880-A4F6-4887-8BB9-47AA298753D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*\", \"matchCriteriaId\": \"18DCFF53-B298-4534-AB5C-8A5EF59C616F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*\", \"matchCriteriaId\": \"083419F8-FDDF-4E36-88F8-857DB317C1D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7A74F65-57E8-4C9A-BA96-5EF401504F13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D0B90FC-57B6-4315-9B29-3C36E58B2CF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*\", \"matchCriteriaId\": \"07812576-3C35-404C-A7D7-9BE9E3D76E00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*\", \"matchCriteriaId\": \"00C52B1C-5447-4282-9667-9EBE0720B423\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*\", \"matchCriteriaId\": \"92BB9EB0-0C12-4E77-89EE-FB77097841B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABC0E7BB-F8B7-4369-9910-71240E4073A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*\", \"matchCriteriaId\": \"551B2640-8CEC-4C24-AF8B-7A7CEF864D9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AE30779-48FB-451E-8CE1-F469F93B8772\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*\", \"matchCriteriaId\": \"60590FDE-7156-4314-A012-AA38BD2ADDC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE51AD3A-8331-4E8F-9DB1-7A0051731DFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*\", \"matchCriteriaId\": \"F24F6122-2256-41B6-9033-794C6424ED99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EAFA79E-8C7A-48CF-8868-11378FE4B26F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1D6F19F-59B5-4BB6-AD35-013384025970\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7BA97BC-3ADA-465A-835B-6C3C5F416B56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*\", \"matchCriteriaId\": \"B71F77A4-B7EB-47A1-AAFD-431A7D040B86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*\", \"matchCriteriaId\": \"91D6BEA9-5943-44A4-946D-CEAA9BA99376\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*\", \"matchCriteriaId\": \"C079A3E0-44EB-4B9C-B4FC-B7621D165C3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CB74086-14B8-4237-8357-E0C6B5BB8313\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*\", \"matchCriteriaId\": \"3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*\", \"matchCriteriaId\": \"00C2B9C9-1177-4DA6-96CE-55F37F383F99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*\", \"matchCriteriaId\": \"435CF189-0BD8-40DF-A0DC-99862CDEAF8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*\", \"matchCriteriaId\": \"12A3F367-33AD-47C3-BFDC-871A17E72C94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*\", \"matchCriteriaId\": \"A18F994F-72CA-4AF5-A7D1-9F5AEA286D85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*\", \"matchCriteriaId\": \"78261932-7373-4F16-91E0-1A72ADBEBC3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BD90D3D-9B3A-4101-9A8A-5090F0A9719F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*\", \"matchCriteriaId\": \"B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5A40B8A-D428-4008-9F21-AF21394C51D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEC5B777-01E1-45EE-AF95-C3BD1F098B2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B504718-5DCE-43B4-B19A-C6B6E7444BD3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*\", \"matchCriteriaId\": \"3102AA10-99A8-49A9-867E-7EEC56865680\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*\", \"matchCriteriaId\": \"15BA8A26-2CDA-442B-A549-6BE92DCCD205\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*\", \"matchCriteriaId\": \"56F2883B-6A1B-4081-8877-07AF3A73F6CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*\", \"matchCriteriaId\": \"98C0742E-ACDD-4DB4-8A4C-B96702C8976C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8483034-DD5A-445D-892F-CDE90A7D58EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*\", \"matchCriteriaId\": \"1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*\", \"matchCriteriaId\": \"DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*\", \"matchCriteriaId\": \"8279718F-878F-4868-8859-1728D13CD0D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C024E1A-FD2C-42E8-B227-C2AFD3040436\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F24389D-DDD0-4204-AA24-31C920A4F47E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*\", \"matchCriteriaId\": \"966979BE-1F21-4729-B6B8-610F74648344\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8534265-33BF-460D-BF74-5F55FDE50F29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*\", \"matchCriteriaId\": \"F77AFC25-1466-4E56-9D5F-6988F3288E16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*\", \"matchCriteriaId\": \"A650BEB8-E56F-4E42-9361-8D2DB083F0F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*\", \"matchCriteriaId\": \"799FFECD-E80A-44B3-953D-CDB5E195F3AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7047507-7CAF-4A14-AA9A-5CEF806EDE98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFC7B179-95D3-4F94-84F6-73F1034A1AF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FB28526-9385-44CA-AF08-1899E6C3AE4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*\", \"matchCriteriaId\": \"E26B69E4-0B43-415F-A82B-52FDCB262B3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*\", \"matchCriteriaId\": \"27BC4150-70EC-462B-8FC5-20B3442CBB31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*\", \"matchCriteriaId\": \"02646989-ECD9-40AE-A83E-EFF4080C69B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56CBFC1F-C120-44F2-877A-C1C880AA89C4\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EF6650C-558D-45C8-AE7D-136EE70CB6D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"B55E8D50-99B4-47EC-86F9-699B67D473CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCAA4004-9319-478C-9D55-0E8307F872F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3C19813-E823-456A-B1CE-EC0684CE1953\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD7447BC-F315-4298-A822-549942FC118B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:azul:zulu:6.47:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E4633C4-E552-439D-8FE4-139E3A7956CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:azul:zulu:7.54:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50C77346-8893-44F0-B0D1-5D4D30A9CA3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:azul:zulu:8.62:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63E58DE0-A96A-452E-986F-3BD2FEA7C723\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:azul:zulu:11.56:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3FB1BF4-3FCF-4007-A9E3-97C35483D6A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:azul:zulu:13.48:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD7A33EC-DE03-424F-9796-E5EA071FF6CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:azul:zulu:15.40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCDAFFA9-0AA4-4C70-9154-8DA4BB255FD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6302149-28AA-481E-BC6C-87D05E73768A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:azul:zulu:18.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20DFD9D8-8648-40F7-81B8-04F852A337FA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.\"}, {\"lang\": \"es\", \"value\": \"La biblioteca Apache Xalan Java XSLT es vulnerable a un problema de truncamiento de enteros cuando procesa hojas de estilo XSLT maliciosas. Esto puede usarse para corromper los archivos de clase Java generados por el compilador interno XSLTC y ejecutar c\\u00f3digo de bytes Java arbitrario. El proyecto Apache Xalan Java est\\u00e1 inactivo y en proceso de ser retirado. No son esperadas futuras versiones de Apache Xalan Java que abordan este problema. Nota: Los tiempos de ejecuci\\u00f3n de Java (como OpenJDK) incluyen copias reempaquetadas de Xalan.\"}]",
      "id": "CVE-2022-34169",
      "lastModified": "2024-11-21T07:08:59.400",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2022-07-19T18:15:11.740",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/19/5\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/19/6\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/20/2\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/20/3\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/10/18/2\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/04/8\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/07/2\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw\", \"source\": \"security@apache.org\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8\", \"source\": \"security@apache.org\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202401-25\", \"source\": \"security@apache.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220729-0009/\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5188\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5192\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5256\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"security@apache.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/19/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/19/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/20/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/20/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/10/18/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/04/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/07/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202401-25\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220729-0009/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5188\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5192\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5256\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-681\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-34169\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2022-07-19T18:15:11.740\",\"lastModified\":\"2026-06-17T04:49:50.163\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.\"},{\"lang\":\"es\",\"value\":\"La biblioteca Apache Xalan Java XSLT es vulnerable a un problema de truncamiento de enteros cuando procesa hojas de estilo XSLT maliciosas. Esto puede usarse para corromper los archivos de clase Java generados por el compilador interno XSLTC y ejecutar c\u00f3digo de bytes Java arbitrario. El proyecto Apache Xalan Java est\u00e1 inactivo y en proceso de ser retirado. No son esperadas futuras versiones de Apache Xalan Java que abordan este problema. Nota: Los tiempos de ejecuci\u00f3n de Java (como OpenJDK) incluyen copias reempaquetadas de Xalan.\"}],\"affected\":[{\"source\":\"security@apache.org\",\"affectedData\":[{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache Xalan-J\",\"versions\":[{\"version\":\"Xalan-J\",\"lessThanOrEqual\":\"2.7.2\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-05-20T16:24:49.067251Z\",\"id\":\"CVE-2022-34169\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-681\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-681\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:xalan-java:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.7.2\",\"matchCriteriaId\":\"E406791B-F9FD-4E3F-831C-296D8F8FF9BE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"7D961E24-EA18-4217-B5F5-F847726D84E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"601D92C4-F71F-47E2-9041-5C286D2137F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"B18FE85D-C53D-44E9-8992-715820D1264B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E3C0BA3-FCD3-4CB8-B8C7-F931090A7DBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB2A5440-7FA7-4A86-AA19-E2ABBD809B19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C0485FC-E4B2-464E-8228-1387AC5F353B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AF3539B-0434-4310-AE88-F46864C7C20F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5CC9398-71B6-4480-95ED-EDCE838D157E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:*\",\"matchCriteriaId\":\"60614E43-090E-44D7-94AD-FFAE38FF111F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:*\",\"matchCriteriaId\":\"131E1C9E-721C-4176-B78B-69C01F90A9A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD4BFA12-588A-4D8D-B45F-648A55EC674C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DF70EEA-EC9D-4FFC-B7BE-76F50C34D999\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EF9CFB1-CEC9-483E-BECF-618190C03944\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11\",\"versionEndIncluding\":\"11.0.15\",\"matchCriteriaId\":\"DD2ADA66-DCD0-4D28-80B2-77A0265CE7B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13\",\"versionEndIncluding\":\"13.0.11\",\"matchCriteriaId\":\"8CA6BC07-2BDA-4913-AF2B-FD2146B0E539\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15\",\"versionEndIncluding\":\"15.0.7\",\"matchCriteriaId\":\"5A2E366B-549D-48C5-B3FB-AD0E8C75AE08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17\",\"versionEndIncluding\":\"17.0.3\",\"matchCriteriaId\":\"15FD6A0B-BB1A-4875-926C-AB1B6EC1A053\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"02011EDC-20A7-4A16-A592-7C76E0037997\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC6D4652-1226-4C60-BEDF-01EBF8AC0849\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C1F9ED7-7D93-41F4-9130-15BA734420AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CF9CDF1-95D3-4125-A73F-396D2280FC4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*\",\"matchCriteriaId\":\"A13266DC-F8D9-4F30-987F-65BBEAF8D3A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*\",\"matchCriteriaId\":\"C28388AB-CFC9-4749-A90F-383F5B905EA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA1B00F9-A81C-48B7-8DAA-F394DDF323F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA7AD457-6CE6-4925-8D94-A907B40233D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*\",\"matchCriteriaId\":\"5480E5AD-DB46-474A-9B57-84ED088A75FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*\",\"matchCriteriaId\":\"881A4AE9-6012-4E91-98BE-0A352CC20703\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E1079-57D9-473B-A017-964F4745F329\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8D6446E-2915-4F12-87BE-E7420BC2626E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*\",\"matchCriteriaId\":\"564EDCE3-16E6-401D-8A43-032D1F8875E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*\",\"matchCriteriaId\":\"08278802-D31B-488A-BA6A-EBC816DF883A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*\",\"matchCriteriaId\":\"72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BBB0969-565E-43E2-B067-A10AAA5F1958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*\",\"matchCriteriaId\":\"D78BE95D-6270-469A-8035-FCDDB398F952\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*\",\"matchCriteriaId\":\"88C24F40-3150-4584-93D9-8307DE04EEE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*\",\"matchCriteriaId\":\"19626B36-62FC-4497-A2E1-7D6CD9839B19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*\",\"matchCriteriaId\":\"5713AEBD-35F6-44E8-A0CC-A42830D7AE20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BE0C04B-440E-4B35-ACC8-6264514F764C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*\",\"matchCriteriaId\":\"555EC2A6-0475-48ED-AE0C-B306714A9333\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*\",\"matchCriteriaId\":\"02C55E2E-AEDE-455C-B128-168C918B5D97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*\",\"matchCriteriaId\":\"81831D37-6597-441B-87DE-38F7191BEA42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEA1594D-0AB5-436D-9E60-C26EE2175753\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*\",\"matchCriteriaId\":\"B868FA41-C71B-491C-880B-484740B30C72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C242D3BE-9114-4A9E-BB78-45754C7CC450\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*\",\"matchCriteriaId\":\"95954182-9541-4181-9647-B17FA5A79F9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F6F0137-F91F-4028-BED2-C29640D52C23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAFB6B15-4AE6-47FC-8847-9DFADB7AE253\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D61068FE-18EE-4ADB-BC69-A3ECE8724575\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFB59E80-4EC4-4399-BF40-6733E4E475A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*\",\"matchCriteriaId\":\"84E31265-22E1-4E91-BFCB-D2AFF445926A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*\",\"matchCriteriaId\":\"50319E52-8739-47C5-B61E-3CA9B6A9A48F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ED515B9-DC74-4DC5-B98A-08D87D85E11E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D1D4868-1F9F-43F7-968C-6469B67D3F1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*\",\"matchCriteriaId\":\"568F1AC4-B0D7-4438-82E5-0E61500F2240\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*\",\"matchCriteriaId\":\"14E9133E-9FF3-40DB-9A11-7469EF5FD265\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"94834710-3FA9-49D9-8600-B514CBCA4270\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*\",\"matchCriteriaId\":\"4228D9E1-7D82-4B49-9669-9CDAD7187432\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6231F48-2936-4F7D-96D5-4BA11F78EBE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*\",\"matchCriteriaId\":\"D96D5061-4A81-497E-9AD6-A8381B3B454C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*\",\"matchCriteriaId\":\"5345C21E-A01B-43B9-9A20-F2783D921C60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*\",\"matchCriteriaId\":\"B219F360-83BD-4111-AB59-C9D4F55AF4C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*\",\"matchCriteriaId\":\"D25377EA-8E8F-4C76-8EA9-3BBDFB352815\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*\",\"matchCriteriaId\":\"59FEFE05-269A-4EAF-A80F-E4C2107B1197\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7E2AA7C-F602-4DB7-9EC1-0708C46C253C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB70E154-A304-429E-80F5-8D87B00E32D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"70892D06-6E75-4425-BBF0-4B684EC62A1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7417B2BB-9AC2-4AF4-A828-C89A0735AD92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A0A57B5-6F88-4288-9CDE-F6613FE068D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"67ED8559-C348-4932-B7CE-CB96976A30EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*\",\"matchCriteriaId\":\"40AC3D91-263F-4345-9FAA-0E573EA64590\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD92AFA9-81F8-48D4-B79A-E7F066F69A99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C4B2F24-A730-4818-90C8-A2D90C081F03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*\",\"matchCriteriaId\":\"464087F2-C285-4574-957E-CE0663F07DE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E9BB880-A4F6-4887-8BB9-47AA298753D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*\",\"matchCriteriaId\":\"18DCFF53-B298-4534-AB5C-8A5EF59C616F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*\",\"matchCriteriaId\":\"083419F8-FDDF-4E36-88F8-857DB317C1D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7A74F65-57E8-4C9A-BA96-5EF401504F13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D0B90FC-57B6-4315-9B29-3C36E58B2CF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*\",\"matchCriteriaId\":\"07812576-3C35-404C-A7D7-9BE9E3D76E00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*\",\"matchCriteriaId\":\"00C52B1C-5447-4282-9667-9EBE0720B423\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*\",\"matchCriteriaId\":\"92BB9EB0-0C12-4E77-89EE-FB77097841B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABC0E7BB-F8B7-4369-9910-71240E4073A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*\",\"matchCriteriaId\":\"551B2640-8CEC-4C24-AF8B-7A7CEF864D9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AE30779-48FB-451E-8CE1-F469F93B8772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*\",\"matchCriteriaId\":\"60590FDE-7156-4314-A012-AA38BD2ADDC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE51AD3A-8331-4E8F-9DB1-7A0051731DFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*\",\"matchCriteriaId\":\"F24F6122-2256-41B6-9033-794C6424ED99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EAFA79E-8C7A-48CF-8868-11378FE4B26F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1D6F19F-59B5-4BB6-AD35-013384025970\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7BA97BC-3ADA-465A-835B-6C3C5F416B56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*\",\"matchCriteriaId\":\"B71F77A4-B7EB-47A1-AAFD-431A7D040B86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*\",\"matchCriteriaId\":\"91D6BEA9-5943-44A4-946D-CEAA9BA99376\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*\",\"matchCriteriaId\":\"C079A3E0-44EB-4B9C-B4FC-B7621D165C3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CB74086-14B8-4237-8357-E0C6B5BB8313\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*\",\"matchCriteriaId\":\"00C2B9C9-1177-4DA6-96CE-55F37F383F99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*\",\"matchCriteriaId\":\"435CF189-0BD8-40DF-A0DC-99862CDEAF8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*\",\"matchCriteriaId\":\"12A3F367-33AD-47C3-BFDC-871A17E72C94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*\",\"matchCriteriaId\":\"A18F994F-72CA-4AF5-A7D1-9F5AEA286D85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*\",\"matchCriteriaId\":\"78261932-7373-4F16-91E0-1A72ADBEBC3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BD90D3D-9B3A-4101-9A8A-5090F0A9719F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*\",\"matchCriteriaId\":\"B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5A40B8A-D428-4008-9F21-AF21394C51D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEC5B777-01E1-45EE-AF95-C3BD1F098B2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B504718-5DCE-43B4-B19A-C6B6E7444BD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*\",\"matchCriteriaId\":\"3102AA10-99A8-49A9-867E-7EEC56865680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*\",\"matchCriteriaId\":\"15BA8A26-2CDA-442B-A549-6BE92DCCD205\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*\",\"matchCriteriaId\":\"56F2883B-6A1B-4081-8877-07AF3A73F6CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C0742E-ACDD-4DB4-8A4C-B96702C8976C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8483034-DD5A-445D-892F-CDE90A7D58EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*\",\"matchCriteriaId\":\"1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*\",\"matchCriteriaId\":\"8279718F-878F-4868-8859-1728D13CD0D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C024E1A-FD2C-42E8-B227-C2AFD3040436\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F24389D-DDD0-4204-AA24-31C920A4F47E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*\",\"matchCriteriaId\":\"966979BE-1F21-4729-B6B8-610F74648344\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8534265-33BF-460D-BF74-5F55FDE50F29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*\",\"matchCriteriaId\":\"F77AFC25-1466-4E56-9D5F-6988F3288E16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*\",\"matchCriteriaId\":\"A650BEB8-E56F-4E42-9361-8D2DB083F0F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*\",\"matchCriteriaId\":\"799FFECD-E80A-44B3-953D-CDB5E195F3AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7047507-7CAF-4A14-AA9A-5CEF806EDE98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFC7B179-95D3-4F94-84F6-73F1034A1AF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FB28526-9385-44CA-AF08-1899E6C3AE4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*\",\"matchCriteriaId\":\"E26B69E4-0B43-415F-A82B-52FDCB262B3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*\",\"matchCriteriaId\":\"27BC4150-70EC-462B-8FC5-20B3442CBB31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*\",\"matchCriteriaId\":\"02646989-ECD9-40AE-A83E-EFF4080C69B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56CBFC1F-C120-44F2-877A-C1C880AA89C4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EF6650C-558D-45C8-AE7D-136EE70CB6D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"B55E8D50-99B4-47EC-86F9-699B67D473CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCAA4004-9319-478C-9D55-0E8307F872F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3C19813-E823-456A-B1CE-EC0684CE1953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD7447BC-F315-4298-A822-549942FC118B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:azul:zulu:6.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E4633C4-E552-439D-8FE4-139E3A7956CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:azul:zulu:7.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50C77346-8893-44F0-B0D1-5D4D30A9CA3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:azul:zulu:8.62:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63E58DE0-A96A-452E-986F-3BD2FEA7C723\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:azul:zulu:11.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3FB1BF4-3FCF-4007-A9E3-97C35483D6A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:azul:zulu:13.48:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD7A33EC-DE03-424F-9796-E5EA071FF6CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:azul:zulu:15.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCDAFFA9-0AA4-4C70-9154-8DA4BB255FD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6302149-28AA-481E-BC6C-87D05E73768A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:azul:zulu:18.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20DFD9D8-8648-40F7-81B8-04F852A337FA\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/07/19/5\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/07/19/6\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/07/20/2\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/07/20/3\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/10/18/2\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/04/8\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/07/2\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.gentoo.org/glsa/202401-25\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220729-0009/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5188\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5192\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5256\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/07/19/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/07/19/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/07/20/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/07/20/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/10/18/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/04/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/07/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202401-25\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220729-0009/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5188\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5192\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5256\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/19/5\", \"name\": \"[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/19/6\", \"name\": \"[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/20/2\", \"name\": \"[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/20/3\", \"name\": \"[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5188\", \"name\": \"DSA-5188\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5192\", \"name\": \"DSA-5192\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220729-0009/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/\", \"name\": \"FEDORA-2022-19b6f21746\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/\", \"name\": \"FEDORA-2022-ae563934f7\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/\", \"name\": \"FEDORA-2022-e573851f56\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/\", \"name\": \"FEDORA-2022-d26586b419\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/\", \"name\": \"FEDORA-2022-80afe2304a\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/\", \"name\": \"FEDORA-2022-b76ab52e73\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/10/18/2\", \"name\": \"[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html\", \"name\": \"[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5256\", \"name\": \"DSA-5256\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/04/8\", \"name\": \"[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/07/2\", \"name\": \"[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-25\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T08:16:17.277Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-34169\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-20T16:24:49.067251Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-681\", \"description\": \"CWE-681 Incorrect Conversion between Numeric Types\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-20T16:24:47.647Z\"}}], \"cna\": {\"title\": \"Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Reported by Felix Wilhelm, Google Project Zero\"}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Xalan-J\", \"versions\": [{\"status\": \"affected\", \"version\": \"Xalan-J\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.7.2\"}]}], \"references\": [{\"url\": \"https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8\"}, {\"url\": \"https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/19/5\", \"name\": \"[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/19/6\", \"name\": \"[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/20/2\", \"name\": \"[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/20/3\", \"name\": \"[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5188\", \"name\": \"DSA-5188\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5192\", \"name\": \"DSA-5192\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220729-0009/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/\", \"name\": \"FEDORA-2022-19b6f21746\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/\", \"name\": \"FEDORA-2022-ae563934f7\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/\", \"name\": \"FEDORA-2022-e573851f56\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/\", \"name\": \"FEDORA-2022-d26586b419\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/\", \"name\": \"FEDORA-2022-80afe2304a\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/\", \"name\": \"FEDORA-2022-b76ab52e73\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/10/18/2\", \"name\": \"[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html\", \"name\": \"[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5256\", \"name\": \"DSA-5256\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/04/8\", \"name\": \"[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/07/2\", \"name\": \"[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-25\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"integer truncation\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-06-21T19:07:47.103Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-34169\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-27T12:51:15.955Z\", \"dateReserved\": \"2022-06-21T00:00:00.000Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2022-07-19T00:00:00.000Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.