Description

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

Remediation

References

CVE-2022-23437

Related Vulnerabilities

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3963)

MediaWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2020-35475)

phpMyAdmin Other Vulnerability (CVE-2001-0478)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25145)

WordPress Plugin Admin renamer extended Cross-Site Request Forgery (3.2.1)

Severity

Medium

Classification

CVE-2022-23437 CWE-835 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities