Get a Demo

CVE

CVE-2022-23437

Infinite Loop in Apache Xerces Java

CVE

CVE-2022-23437

Infinite Loop in Apache Xerces Java

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

Package Versions Affected

org.apache.cxf:cxf-core

Available by request

net.sf.saxon:Saxon-HE

Available by request

org.apache.ant:ant-junit

Available by request

net.sf.saxon:Saxon-HE

Available by request

net.sf.saxon:Saxon-HE

Available by request

net.sf.saxon:Saxon-HE

Available by request

net.sf.saxon:Saxon-HE

Available by request

org.apache.ant:ant-junit

Available by request

org.apache.ws.xmlschema:xmlschema-core

Available by request

org.apache.ant:ant-junit

Available by request

org.apache.ant:ant-junit

Available by request

org.apache.cxf:cxf-rt-wsdl

Available by request

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

C

H

U

-

C

H

U

-

Endor Labs

C

H

U

-

Related Resources

No items found.

References

Severity

6.5

CVSS Score

0

10

Basic Information

Ecosystem

Base CVSS

6.5

EPSS Probability

0.0009%

EPSS Percentile

0.26068%

Introduced Version

2.3.0

Fix Available

2.12.2

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading