14 lines
1.8 KiB
JSON
{
  "id": "openEuler-SA-2022-1625",
  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1625",
  "title": "An update for xerces-j2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
  "severity": "Moderate",
  "description": "Welcome to the future! Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.\n\nThe Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.\n\nXerces 2 is a fully conforming XML Schema processor. For more information, refer to the XML Schema page.\n\nXerces 2 also provides a partial implementation of Document Object Model Level 3 Core, Load and Save and Abstract Schemas [deprecated] Working Drafts. For more information, refer to the DOM Level 3 Implementation page.\r\n\r\nSecurity Fix(es):\r\n\r\nThere's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.(CVE-2022-23437)",
  "cves": [
    {
      "id": "CVE-2022-23437",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437",
      "severity": "Moderate"
    }
  ]
}