CVE-2022-40160 – commons-jxpath:commons-jxpath
Package
Manager: maven
Name: commons-jxpath:commons-jxpath
Vulnerable Version: <0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: N/A
EPSS: 0.00089 (percentile: 0.26329)
Details
JXPath Out-of-bounds Write vulnerability
## Withdrawn
This advisory has been withdrawn because the original report was found to be invalid. This link is maintained to preserve external references.
## Original Description
Those using JXPath to interpret XPath may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack.
Metadata
Created: 2022-10-06T18:52:04Z
Modified: 2022-11-16T21:12:51Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-mqxp-cjr9-c5jm/GHSA-mqxp-cjr9-c5jm.json
CWE IDs: ["CWE-787"]
Alternative ID: GHSA-mqxp-cjr9-c5jm
Finding: N/A
Auto approve: 0