| Description: | Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java. (CVE-2014-0107) All xalan-j2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. |