Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-18237

Upgrade Apache Xerces Java to 2.12.2

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Reviewed
    • Apache Xerces has been updated to 2.12.2 to fix CVE-2022-23437

    Description

      Description

      https://github.com/advisories/GHSA-h65f-jvqw-m9fj

      There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

      References
      https://nvd.nist.gov/vuln/detail/CVE-2022-23437
      https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl
      http://www.openwall.com/lists/oss-security/2022/01/24/3
      https://www.oracle.com/security-alerts/cpuapr2022.html

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            groot Ashutosh Gupta
            groot Ashutosh Gupta
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 0.5h
                0.5h

                Slack

                  Issue deployment