Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-18237

Upgrade Apache Xerces Java to 2.12.2

    XMLWordPrintableJSON

Details

    • Reviewed
    • Apache Xerces has been updated to 2.12.2 to fix CVE-2022-23437

    Description

      Description

      https://github.com/advisories/GHSA-h65f-jvqw-m9fj

      There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

      References
      https://nvd.nist.gov/vuln/detail/CVE-2022-23437
      https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl
      http://www.openwall.com/lists/oss-security/2022/01/24/3
      https://www.oracle.com/security-alerts/cpuapr2022.html

      Attachments

        Issue Links

          is depended upon by

          Task - A task that needs to be done. HADOOP-18305 Release Hadoop 3.3.4: minor update of hadoop-3.3.3

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #4318

          Activity

            People

              groot Ashutosh Gupta
              groot Ashutosh Gupta
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 0.5h
                  0.5h