Icedtea Web Icedtea Webproject Icedtea Web

stack.watch can email you when security vulnerabilities are reported in Icedtea Webproject Icedtea Web. You can add multiple products that you use with Icedtea Web to create your own personal software stack watcher.

By the Year

In 2021 there have been 0 vulnerabilities in Icedtea Webproject Icedtea Web . Icedtea Web did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2021 0 0.00
2020 0 0.00
2019 1 6.50
2018 0 0.00

It may take a day or so for new Icedtea Web vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Icedtea Webproject Icedtea Web Security Vulnerabilities

It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files

CVE-2019-10182 6.5 - Medium - July 31, 2019

It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.

CVE-2019-10182 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Directory traversal