Back to search
CVE-2019-11068
Published: Apr 10, 2019
Modified: May 28, 2026
PUBLISHED
Description
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update
mailing-list
x_refsource_MLIST
USN-3947-2
vendor-advisory
x_refsource_UBUNTU
[oss-security] 20190422 Nokogiri security update v1.10.3
mailing-list
x_refsource_MLIST
USN-3947-1
vendor-advisory
x_refsource_UBUNTU
[oss-security] 20190423 Re: Nokogiri security update v1.10.3
mailing-list
x_refsource_MLIST
openSUSE-SU-2019:1433
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:1430
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:1428
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:1527
vendor-advisory
x_refsource_SUSE
FEDORA-2019-e21c77ffae
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-320d5295fc
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-e74d639587
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2019:1824
vendor-advisory
x_refsource_SUSE
https://security.netapp.com/advisory/ntap-20191017-0001/
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now