
CVE-2019-10185

CVE-2019-10185 PUBLISHED

It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.


Risk Scores

EPSS Score
1.82%
83.2th percentile

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | icedtea-web | 0, 1.8-0ubuntu8~18.04, 1.6.2-3.1ubuntu3 |
| Ubuntu:16.04:LTS | icedtea-web | 1.5.2-1ubuntu2, 1.5.3-0ubuntu1, 1.6.1-1ubuntu2 |
| Ubuntu:24.04:LTS | icedtea-web | 1.8.8-2ubuntu1, 0, 1.8.8-2 |
| Ubuntu:25.10 | icedtea-web | 1.8.8-3, 0 |
| Ubuntu:22.04:LTS | icedtea-web | 0, 1.8.4-1build1 |
| Ubuntu:20.04:LTS | icedtea-web | 0, 1.8-0ubuntu8 |

Timeline

  • Jul 31, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score