Lucene search

GitHub Advisory DatabaseGHSA-MQXP-CJR9-C5JM

HistoryOct 06, 2022 - 6:52 p.m.

JXPath Out-of-bounds Write vulnerability

2022-10-0618:52:04

CWE-787

GitHub Advisory Database

github.com

jxpath

out-of-bounds write

vulnerability

withdrawn

denial of service

dos

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

30.3%

JSON

Withdrawn

This advisory has been withdrawn because the original report was found to be invalid. This link is maintained to preserve external references.

Original Description

Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

Affected configurations

Vulners

Node

apachecommons_jxpathRange≤1.3

CPENameOperatorVersion
commons-jxpath:commons-jxpathle1.3

CPE	Name	Operator	Version
	commons-jxpath:commons-jxpath	le	1.3

References

bugs.chromium.org/p/oss-fuzz/issues/detail?id=47053

github.com/advisories/GHSA-mqxp-cjr9-c5jm

nvd.nist.gov/vuln/detail/CVE-2022-40160

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

30.3%

JSON

Related for GHSA-MQXP-CJR9-C5JM