Description

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

Remediation

References

CVE-2022-23437

Related Vulnerabilities

WordPress Plugin Product Addons & Fields for WooCommerce Unspecified Vulnerability (13.7)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (3.5.8)

WordPress Plugin Vodpod Video Gallery 'gid' Parameter Cross-Site Scripting (3.1.5)

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-33359)

Oracle JRE CVE-2013-2419 Vulnerability (CVE-2013-2419)

Severity

Medium

Classification

CVE-2022-23437 CWE-835 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities