OSV-2024-93 Security exception in com.github.javaparser.ast.validator.TreeVisitorValidator.accept
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66540 Crash type: Security exception Crash state: com.github.javaparser.ast.validator.TreeVisitorValidator.accept java.base/java.util.Arrays.copyOf java.base/java.util.ArrayList.grow...
JSON-java: parser confusion leads to OOM
A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service (DoS)...
PT-2023-35871 · Unknown · Javaparser
Name of the Vulnerable Software and Affected Versions: JavaParser affected versions not specified Description: The issue is related to a security exception in the CommentsInserter.insertComments function. It involves the java.base/java.util.Objects.equals and com.github.javaparser.Position.equals...
SUSE CVE-2013-4002
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...
xerces-j2: infinite loop when handling specially crafted XML document payloads
A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition...
OSV-2022-446 Uncaught exception in com.github.javaparser.GeneratedJavaParser.Expression
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47737 Crash type: Uncaught exception Crash state: com.github.javaparser.GeneratedJavaParser.Expression com.github.javaparser.Range.range com.github.javaparser.JavaToken...
GHSA-7J4H-8WPF-RQFH Missing XML Validation in Apache Xerces2
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...
Missing XML Validation in Apache Xerces2
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...
OESA-2022-1636 nekohtml security update
NekoHTML is a simple HTML scanner and tag balancer that enables application programmers to parse HTML documents and access the information using standard XML interfaces. Security Fixes: org.cyberneko.html is an HTML parser written in Java. The fork of org.cyberneko.html used by the Nokogiri Rubygem...
OESA-2022-1625 xerces-j2 security update
Welcome to the future! Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modul...
Design/Logic Flaw
org.cyberneko.html is an HTML parser written in Java. The fork of org.cyberneko.html used by the Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Users are advised to upgrade to >= 1.9.22.noko2. Note: The upstream library org.cyberneko.html is no long...
OSV-2022-207 Uncaught exception in com.github.javaparser.GeneratedJavaParser.Expression
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45131 Crash type: Uncaught exception Crash state: com.github.javaparser.GeneratedJavaParser.Expression java.base/java.nio.CharBuffer.wrap java.base/sun.nio.cs.StreamDecoder.implRead...
CVE-2022-23437
There is a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present withi...
Xerces security vulnerability
Xerces is an open-source XML document parsing project maintained by Apache. A denial of service vulnerability exists in the XML parser in Apache Xerces Java version 2.12.1 and prior versions, which stems from a failure to properly handle incoming error messages, and can be exploite...
Security Bulletin: Apache Xerces2 Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2012-0881, CVE-2013-4002)
Summary IBM Sterling B2B Integrator has addressed the vulnerabilities. Vulnerability Details CVEID: CVE-2012-0881 DESCRIPTION: Apache Xerces2 Java is vulnerable to a denial of service, caused by a flaw in the XML service. By sending a specially crafted message to an XML service, a remote attacker...
Advisory ROSA-SA-2021-1941
Software: orc 0.4.26 OS: Cobalt 7.9 CVE-ID: CVE-2018-8015 CVE-Crit: HIGH CVE-DESC: In Apache ORC 1.0.0-1.4.3, a corrupted ORC file can trigger an infinitely recursive function call in a C++ or Java parser. The consequence of this error is likely to be a denial of service for software that uses t...
Denial of service in Apache Xerces2
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions...
Security Bulletin: Multiple vulnerabilities affect Rational Publishing Engine
Summary Multiple security vulnerabilities affecting Rational Publishing Engine. Vulnerability Details CVEID: CVE-2015-0254 DESCRIPTION: Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in...
DEBIAN-CVE-2012-0881
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions...