Summary
Detail | |||
---|---|---|---|
Vendor | Redhat | First view | 2020-09-17 |
Product | Xerces | Last view | 2020-09-17 |
Version | | Type | Application |
Update | |||
Edition | |||
Language | |||
Software Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:a:redhat:xerces:*:*:*:*:*:*:*:* | 1 |
cpe:2.3:a:redhat:xerces:2.12.0:sp1:*:*:*:*:*:* | 1 |
cpe:2.3:a:redhat:xerces:2.12.0:sp2:*:*:*:*:*:* | 1 |
Related : CVE
| Date | Alert | Description |
---|---|---|---|
5.3 | 2020-09-17 | CVE-2020-14338 | A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-20 | Improper Input Validation |