CVE-2022-40158 commons-jxpath:commons-jxpath

Package

Manager: maven
Name: commons-jxpath:commons-jxpath
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: N/A

EPSS: N/A (percentile: N/A)

Details

JXPath Out-of-bounds Write vulnerability

## Withdrawn

This advisory has been withdrawn because the original report was found to be invalid. This link is maintained to preserve external references.

## Original Description

Those using JXPath to interpret XPath may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack.

Metadata

Created: 2022-10-06T18:52:04Z
Modified: 2022-11-10T22:39:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-mf2h-6mg2-px9x/GHSA-mf2h-6mg2-px9x.json
CWE IDs: ["CWE-787"]
Alternative ID: GHSA-mf2h-6mg2-px9x
Finding: N/A
Auto approve: 0