Posted to j-dev@xerces.apache.org by Mukul Gandhi <mu...@apache.org> on 2022/01/19 09:06:08 UTC

Apache XercesJ XML parser infinite loop

Hi all,
Someone, a while ago, reported a particular vulnerability within the Apache
XercesJ XML parser that causes the XercesJ XML parser to wait in an
infinite loop when provided with specially crafted XML document payloads.

This mailing list post is to document this fact on an XercesJ public list,
as is the requirement to handle that vulnerability as per Apache's process.

The upcoming XercesJ version 2.12.2 would solve this mentioned XML parser
vulnerability.


-- 
Regards,
Mukul Gandhi