cvedb.io
CVE-2022-23437
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2022-01-24T15:15:09.317 · Last modified 2026-06-17T04:30:00.593

Summary

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present in XercesJ version 2.12.1 and previous versions.

Affected products

apache — xerces-j

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.