GHSA-334p-wv2m-w3vp

Suggest an improvement
Source
https://github.com/advisories/GHSA-334p-wv2m-w3vp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-334p-wv2m-w3vp/GHSA-334p-wv2m-w3vp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-334p-wv2m-w3vp
Aliases
Published
2020-06-15T18:51:30Z
Modified
2024-02-16T08:16:58.940507Z
Summary
Denial of service in Apache Xerces2
Details

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

References

Affected packages

Maven / xerces:xercesImpl

Package

Name
xerces:xercesImpl
View open source insights on deps.dev
Purl
pkg:maven/xerces/xercesImpl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.10.0

Affected versions

2.*

2.0.0
2.0.2
2.2.1
2.3.0
2.4.0
2.5.0
2.6.0
2.6.1
2.6.2
2.6.2-jaxb-1.0.6
2.7.1
2.8.0
2.8.1
2.9.0
2.9.1