{"affected":[{"ecosystem_specific":{"binaries":[{"jakarta-taglibs-standard":"1.1.1-234.31.1","jakarta-taglibs-standard-javadoc":"1.1.1-234.31.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"jakarta-taglibs-standard","purl":"pkg:rpm/suse/jakarta-taglibs-standard&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.1-234.31.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"jakarta-taglibs-standard":"1.1.1-234.31.1","jakarta-taglibs-standard-javadoc":"1.1.1-234.31.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"jakarta-taglibs-standard","purl":"pkg:rpm/suse/jakarta-taglibs-standard&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.1-234.31.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for jakarta-taglibs-standard fixes the following issues:\n\n- CVE-2015-0254: Apache Standard Taglibs allowed remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) x:parse or (2) x:transform JSTL XML tag. (bsc#920813)\n","id":"SUSE-SU-2017:1701-1","modified":"2017-06-26T16:30:06Z","published":"2017-06-26T16:30:06Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20171701-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/920813"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0254"}],"related":["CVE-2015-0254"],"summary":"Security update for jakarta-taglibs-standard","upstream":["CVE-2015-0254"]}