Denial of service in Apache Xerces2
High severity
GitHub Reviewed
Published
Jun 15, 2020
to the GitHub Advisory Database
•
Updated Feb 13, 2023
Description
Published by the National Vulnerability Database
Oct 30, 2017
Reviewed
Jun 15, 2020
Published to the GitHub Advisory Database
Jun 15, 2020
Last updated
Feb 13, 2023
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
References