VYPR
High severity7.5NVD Advisory· Published Jul 19, 2022· Updated Jun 17, 2026

CVE-2022-34169

CVE-2022-34169

Description

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
xalan:xalanMaven
< 2.7.32.7.3

Affected products

415

Patches

Vulnerability mechanics

References

46

News mentions

0

No linked articles in our index yet.