[ https://issues.apache.org/jira/browse/XERCESJ-1757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Danny Trunk closed XERCESJ-1757. -------------------------------- Resolution: Duplicate > CVE-2017-10355 > -------------- > > Key: XERCESJ-1757 > URL: https://issues.apache.org/jira/browse/XERCESJ-1757 > Project: Xerces2-J > Issue Type: Task > Affects Versions: 2.12.2 > Reporter: Danny Trunk > Priority: Critical > Labels: security > > *CVE-2017-10355* (OSSINDEX) > > sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS) The software > contains multiple threads or executable segments that are waiting for each > other to release a necessary lock, resulting in deadlock. > CWE-833 Deadlock > CVSSv3: > * Base Score: MEDIUM (5.9) > * Vector: CVSS:/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H > References: > * OSSINDEX - [[CVE-2017-10355] CWE-833: > Deadlock|https://ossindex.sonatype.org/vulnerability/CVE-2017-10355?component-type=maven&component-name=xerces%2FxercesImpl&utm_source=dependency-check&utm_medium=integration&utm_content=8.2.1] > * OSSIndex - [https://blogs.securiteam.com/index.php/archives/3271] > > Vulnerable Software & Versions (OSSINDEX): > * cpe:2.3:a:xerces:xercesImpl:2.12.2:*:*:*:*:*:*:* -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: j-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: j-dev-h...@xerces.apache.org