[ https://issues.apache.org/jira/browse/XERCESJ-1737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mukul Gandhi resolved XERCESJ-1737.
-----------------------------------
    Fix Version/s: 2.12.2
       Resolution: Fixed

This issue was fixed within XercesJ 2.12.2.

> [8.6] [CVE-2022-23437] [xercesImpl] [2.12.0]
> --------------------------------------------
>
>                 Key: XERCESJ-1737
>                 URL: https://issues.apache.org/jira/browse/XERCESJ-1737
>             Project: Xerces2-J
>          Issue Type: Bug
>    Affects Versions: 2.12.0, 2.12.1
>            Reporter: Rajesh
>            Priority: Major
>             Fix For: 2.12.2
>
>
> *Description :*
> *Severity :* Sonatype CVSS 3: 8.6
> CVE CVSS 2.0: 0.0
> *Weakness :* Sonatype CWE: 611
> *Source :* National Vulnerability Database
> *Categories :* Data
> *Description from CVE :* There XML parser when handling specially crafted XML
> document payloads. This causes the XercesJ XML parser to wait in an infinite
> loop, which may sometimes consume system resources for a prolonged duration.
> This vulnerability is present within XercesJ version 2.12.1 and the previous
> versions.
> *Explanation :* This issue has undergone the Sonatype Fast-Track process. For
> more information, please see the Sonatype Knowledge Base Guide.
> *Root Cause :* xercesImpl-2.12.0.jar : [ ,2.12.2]
> *Advisories :* Project: [http://www.openwall.com/lists/oss-security/2022/01/24/3]
> *CVSS Details :* Sonatype CVSS 3: 8.6
> CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/
> *CVE :* CVE-2022-23437
> *URL :* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23437]

--
This message was sent by Atlassian Jira
(v8.20.1#820001)