Vulnerabilities > Icedtea WEB Project > Icedtea WEB > 1.7.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-31 | CVE-2019-10185 | Path Traversal vulnerability in multiple products It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. | 8.6 |
| 2019-07-31 | CVE-2019-10181 | Insufficient Verification of Data Authenticity vulnerability in multiple products It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. | 8.1 |
| 2019-07-31 | CVE-2019-10182 | Code Injection vulnerability in multiple products It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. | 6.5 |