Posted to j-dev@xerces.apache.org by Mukul Gandhi <mu...@apache.org> on 2022/01/19 09:06:08 UTC
Apache XercesJ xml parser infinite loop
Hi all,
A while ago, someone reported a particular vulnerability within the Apache
XercesJ XML parser that causes the XercesJ XML parser to wait in an
infinite loop when provided with specially crafted XML document payloads.
This mailing list post is to document this fact on an XercesJ public list,
as is required to handle that vulnerability as per Apache's process.
The upcoming XercesJ version 2.12.2 would solve this XML parser
vulnerability.
--
Regards,
Mukul Gandhi