Description
Those using Woodstox to parse XML data may be vulnerable to Denial of Service (DoS) attacks if DTD support is enabled. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack.
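Since the exposure depends on DTD support being enabled, the following added example (not taken from the advisory or from the Woodstox project) shows one way to build a Woodstox input factory for untrusted input with DTD support switched off, and to refuse any document that still reports a DOCTYPE. It assumes `woodstox-core` is on the classpath; the class name `HardenedWoodstox`, its helper methods and the sample documents are constructed for illustration.

```java
import com.ctc.wstx.stax.WstxInputFactory;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import java.io.StringReader;

public class HardenedWoodstox {

    // Factory for untrusted input: DTD processing and external entities are off.
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = new WstxInputFactory();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
        return f;
    }

    // Counts start elements. As a stricter policy on top of the factory settings,
    // any document for which the reader reports a DOCTYPE event is refused.
    static int countElements(String xml) throws XMLStreamException {
        XMLStreamReader r = hardenedFactory().createXMLStreamReader(new StringReader(xml));
        try {
            int n = 0;
            while (r.hasNext()) {
                int ev = r.next();
                if (ev == XMLStreamConstants.DTD) {
                    throw new XMLStreamException(
                        "DOCTYPE not accepted from untrusted input", r.getLocation());
                }
                if (ev == XMLStreamConstants.START_ELEMENT) n++;
            }
            return n;
        } finally {
            r.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one plain document, one carrying a DTD.
        String plain = "<order><item/><item/></order>";
        String withDtd = "<!DOCTYPE order [<!ELEMENT order ANY>]><order/>";
        System.out.println("plain elements: " + countElements(plain));
        try {
            System.out.println("with DTD elements: " + countElements(withDtd));
        } catch (XMLStreamException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```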
Remediation
References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434
https://github.com/x-stream/xstream/issues/304