Description

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Remediation

References

CVE-2022-25236

Related Vulnerabilities

MySQL CVE-2017-3636 Vulnerability (CVE-2017-3636)

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2017-3730)

osCommerce Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2002-2019)

WordPress Plugin WP Job Manager Unspecified Vulnerability (1.32.2)

Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-25609)

Severity

Critical

Classification

CVE-2022-25236 CWE-668 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities