
[8.6] [CVE-2022-23437] [xercesImpl] [2.12.1]


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.0
    • Fix Version/s: 1.28.1, 2.3.0
    • Component/s: None
    • Labels: None

    Description

      tika-bundle-standard-2.1.0.jar/xercesImpl-2.12.1.jar

      tika-bundle-standard is using xercesImpl-2.12.1.jar, which seems to be vulnerable. Please check.

      Description :
      Severity : Sonatype CVSS 3: 8.6; CVE CVSS 2.0: 0.0

      Weakness : Sonatype CWE: 611

      Source : National Vulnerability Database

      Categories : Data

      Description from CVE : There is a vulnerability in the XercesJ XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

      Explanation : This issue has undergone the Sonatype Fast-Track process. For more information, please see the Sonatype Knowledge Base Guide.

      Root Cause : xercesImpl-2.12.1.jar : [ ,2.12.2]

      Advisories : Project: http://www.openwall.com/lists/oss-security/2022/01/24/3

      CVSS Details : Sonatype CVSS 3: 8.6; CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

      Occurrences (Paths) : ["/tika-bundle-standard-2.1.0.jar/xercesImpl-2.12.1.jar"]

      CVE : CVE-2022-23437

      URL : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23437

      Remediation : This component does not have any non-vulnerable version. Please contact the vendor to get this vulnerability fixed.

      First Scan Date : Wed Jan 26 02:49:18 IST 2022

      People

        Assignee: Tim Allison (tallison)
        Reporter: Aman Mishra (amanmishra)
        Votes: 0
        Watchers: 4