[ 
https://issues.apache.org/jira/browse/XERCESJ-1737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mukul Gandhi resolved XERCESJ-1737.
-----------------------------------
    Fix Version/s: 2.12.2
       Resolution: Fixed

This issue, was fixed within XercesJ 2.12.2.

> [8.6] [CVE-2022-23437] [xercesImpl] [2.12.0]
> --------------------------------------------
>
>                 Key: XERCESJ-1737
>                 URL: https://issues.apache.org/jira/browse/XERCESJ-1737
>             Project: Xerces2-J
>          Issue Type: Bug
>    Affects Versions: 2.12.0, 2.12.1
>            Reporter: Rajesh
>            Priority: Major
>             Fix For: 2.12.2
>
>
> *Description :*
> *Severity :* Sonatype CVSS 3: 8.6CVE CVSS 2.0: 0.0
> *Weakness :* Sonatype CWE: 611
> *Source :* National Vulnerability Database
> *Categories :* Data
> *Description from CVE :* There XML parser when handling specially crafted XML 
> document payloads. This causes, the XercesJ XML parser to wait in an infinite 
> loop, which may sometimes consume system resources for prolonged duration. 
> This vulnerability is present within XercesJ version 2.12.1 and the previous 
> versions.
> *Explanation :* This issue has undergone the Sonatype Fast-Track process. For 
> more information, please see the Sonatype Knowledge Base Guide.
> *Root Cause :* xercesImpl-2.12.0.jar : [ ,2.12.2]
> *Advisories :* Project: 
> [http://www.openwall.com/lists/oss-security/2022/01/24/3]
> *CVSS Details :* Sonatype CVSS 3: 8.6CVSS Vector: 
> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/
> *CVE :* CVE-2022-23437
> *URL :* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23437]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: j-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-dev-h...@xerces.apache.org

Reply via email to