Lucene search

69 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in libwoodstox-java

Those who use Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow. This vulnerability could potentially all...

CVSS 7.5, AI score 6.8, EPSS 0.00803
Exploits: 1, References: 2
Github Security Blog
added 2026/04/10 6:31 p.m., 3 views

Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters

Apache Log4j Core's XmlLayout, in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification, producing invalid XML output whenever a log message or MDC value contains such characters. The impact depends on the StAX implementation in use: JRE built-in...

CVSS 7.5, AI score 5.7, EPSS 0.00034
Exploits: 0, References: 8, Affected Software: 1
Tenable Nessus
added 2025/10/07 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: woodstox-core (UTSA-2025-680589)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680589 advisory. Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input,...

CVSS 7.5, AI score 6.4, EPSS 0.00803
Exploits: 1, References: 4
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-6677

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.3, EPSS 0.00803
Exploits: 1, References: 13
IBM Security Bulletins
added 2025/09/19 6:17 p.m., 5 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in Woodstox

Summary: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in Woodstox CVE-2022-40151, CVE-2022-40155, CVE-2022-40153, CVE-2022-40152, CVE-2022-40154, CVE-2022-40156. This has been addressed in the remediation section. Vulnerability Details: CVEID: CVE-2022-40151...

CVSS 7.5, AI score 6.5, EPSS 0.00803
Exploits: 2, Affected Software: 1
Tenable Nessus
added 2025/08/20 12:0 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2022-40152

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied...

CVSS 7.5, AI score 6.7, EPSS 0.00803
Exploits: 1, References: 3
RedHat Linux
added 2025/05/05 12:13 a.m., 3 views

woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...

CVSS 7.5, AI score 7.2, EPSS 0.00803
Exploits: 1, References: 5
RedHat Linux
added 2025/04/28 12:20 a.m., 3 views

woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...

CVSS 7.5, AI score 7.2, EPSS 0.00803
Exploits: 1, References: 5
OSV
added 2024/11/15 12:19 p.m., 2 views

OESA-2024-2378 woodstox-core security update

Woodstox is a high-performance validating namespace-aware StAX-compliant (JSR-173) Open Source XML-processor written in Java. XML processor means that it handles both input (== parsing) and output (== writing, serialization), as well as supporting tasks such as validation. Security Fixes: Those using...

CVSS 7.5, AI score 6.8, EPSS 0.00803
Exploits: 1, References: 2
NVD
added 2024/09/19 11:15 p.m., 17 views

CVE-2024-46984

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...

CVSS 9.8, EPSS 0.00357
Exploits: 0, References: 6
Cvelist
added 2024/09/19 10:38 p.m., 16 views

CVE-2024-46984 XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...

CVSS 8.6, EPSS 0.00357
Exploits: 0, References: 6
CVE
added 2024/09/19 10:38 p.m., 53 views

CVE-2024-46984

CVE-2024-46984 affects gematik app-referencevalidator’s referencevalidator Commons profile location routine, which is vulnerable to XML External Entities (XXE) due to insecure Woodstox WstxInputFactory defaults. A malicious XML resource can induce network requests and Server-Side Request Forgery ...

CVSS 9.8, AI score 8.6, EPSS 0.00357
Exploits: 0, References: 6, Affected Software: 1
Vulnrichment
added 2024/09/19 10:38 p.m., 11 views

CVE-2024-46984 XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...

CVSS 8.6, AI score 6.8, EPSS 0.00357
Exploits: 0, References: 6
OSV
added 2024/09/19 10:38 p.m., 9 views

CVE-2024-46984 XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...

CVSS 8.6, AI score 6.7, EPSS 0.00357
Exploits: 0, References: 8
Github Security Blog
added 2024/09/19 2:49 p.m., 13 views

Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack

Impact: The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox WstxInputFactory. A malicious XML resource can lead to network requests issued by referencevalidator and thus to a Server Side...

CVSS 9.8, AI score 7, EPSS 0.00357
Exploits: 0, References: 9, Affected Software: 1
CNNVD
added 2024/09/19 12:0 a.m., 1 view

Gematik Referenzvalidator code issue vulnerability

Gematik Referenzvalidator is an open source tool from gematik. It is used for advanced validation of TI applications and Contoso resources for interoperability standards. A code issue exists in Gematik Referenzvalidator that stems from the use of insecure default settings in the Woodstox...

CVSS 9.8, AI score 6.6, EPSS 0.00357
Exploits: 0, References: 7
Tenable Nessus
added 2024/08/06 12:0 a.m., 38 views

Oracle JDeveloper DoS (July 2024 CPU)

The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by a denial of service vulnerability as referenced in the July 2024 CPU advisory. Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: Oracle...

CVSS 7.5, AI score 6.3, EPSS 0.00803
Exploits: 1, References: 3
Fedora
added 2024/03/07 10:33 p.m., 18 views

[SECURITY] Fedora 40 Update: fasterxml-oss-parent-58-2.fc40

FasterXML is the business behind the Woodstox streaming XML parser, Jackson streaming JSON parser, the Aalto non-blocking XML parser, and a growing family of utility libraries and extensions. FasterXML offers consulting services for adoption, performance tuning, and extension. This package contai...

CVSS 8.8, AI score 6.9, EPSS 0.46427
Exploits: 3
Amazon
added 2024/02/19 12:0 a.m., 30 views

Medium: woodstox-core

Issue Overview: Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial o...

CVSS 7.5, AI score 8.1, EPSS 0.00803
Exploits: 1
Amazon
added 2024/02/19 12:0 a.m., 3 views

Medium: woodstox-core

Issue Overview: Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial o...

CVSS 7.5, AI score 7, EPSS 0.00803
Exploits: 1