Description

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

Remediation

References

CVE-2022-23437

Related Vulnerabilities

Liferay Portal Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-25143)

WordPress Plugin Shared Files-Easy Download Manager and File Sharing with Frontend File Upload Cross-Site Scripting (1.6.56)

e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-17081)

MySQL CVE-2023-21877 Vulnerability (CVE-2023-21877)

Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-21673)

Severity

Medium

Classification

CVE-2022-23437 CWE-835 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities