Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
Type maven
Namespace com.fasterxml.woodstox
Name woodstox-core
Version 5.4.0
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 6.4.0
Latest_non_vulnerable_version 6.4.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1xyr-vr5v-tbea
vulnerability_id VCID-1xyr-vr5v-tbea
summary
Denial of Service due to parser crash
## Withdrawn

This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue [here](https://github.com/x-stream/xstream/issues/304#issuecomment-1293654236) for more information.

## Original Description

Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

This vulnerability is only relevant for users making use of the DTD parsing functionality.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40156.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40156.json
1
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50841
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50841
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/FasterXML/woodstox
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox
4
reference_url https://github.com/FasterXML/woodstox/issues/157
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/issues/157
5
reference_url https://github.com/FasterXML/woodstox/issues/160
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/issues/160
6
reference_url https://github.com/FasterXML/woodstox/pull/159
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/pull/159
7
reference_url https://github.com/x-stream/xstream/issues/304
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/issues/304
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40156
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40156
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2134288
reference_id 2134288
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2134288
10
reference_url https://github.com/advisories/GHSA-4rv7-wj6m-6c6r
reference_id GHSA-4rv7-wj6m-6c6r
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4rv7-wj6m-6c6r
11
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
12
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
13
reference_url https://access.redhat.com/errata/RHSA-2023:3641
reference_id RHSA-2023:3641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3641
fixed_packages
0
url pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
purl pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
1
url pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
purl pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
aliases CVE-2022-40156, GHSA-4rv7-wj6m-6c6r
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xyr-vr5v-tbea
1
url VCID-9kde-ya39-8bee
vulnerability_id VCID-9kde-ya39-8bee
summary
Denial of Service via stack overflow
## Withdrawn

This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue [here](https://github.com/x-stream/xstream/issues/304#issuecomment-1293654236) for more information.

## Original Description

Those using FasterXML/woodstox to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

This vulnerability is only relevant for users making use of the DTD parsing functionality.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40155.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40155.json
1
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50428
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50428
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/FasterXML/woodstox
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox
4
reference_url https://github.com/FasterXML/woodstox/issues/157
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/issues/157
5
reference_url https://github.com/FasterXML/woodstox/issues/160
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/issues/160
6
reference_url https://github.com/FasterXML/woodstox/pull/159
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/pull/159
7
reference_url https://github.com/x-stream/xstream/issues/304
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/issues/304
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40155
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40155
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2134289
reference_id 2134289
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2134289
10
reference_url https://github.com/advisories/GHSA-5hc5-c3m9-8vcj
reference_id GHSA-5hc5-c3m9-8vcj
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5hc5-c3m9-8vcj
11
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
fixed_packages
0
url pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
purl pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
1
url pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
purl pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
aliases CVE-2022-40155, GHSA-5hc5-c3m9-8vcj
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kde-ya39-8bee
2
url VCID-hqzr-vc5w-9ff5
vulnerability_id VCID-hqzr-vc5w-9ff5
summary
Denial of Service due to parser crash
Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

This vulnerability is only relevant for users making use of the DTD parsing functionality.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40152.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40152.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-40152
reference_id
reference_type
scores
0
value 0.00803
scoring_system epss
scoring_elements 0.74176
published_at 2026-04-24T12:55:00Z
1
value 0.00803
scoring_system epss
scoring_elements 0.7414
published_at 2026-04-21T12:55:00Z
2
value 0.00803
scoring_system epss
scoring_elements 0.7415
published_at 2026-04-18T12:55:00Z
3
value 0.00803
scoring_system epss
scoring_elements 0.74141
published_at 2026-04-16T12:55:00Z
4
value 0.00803
scoring_system epss
scoring_elements 0.74102
published_at 2026-04-13T12:55:00Z
5
value 0.00803
scoring_system epss
scoring_elements 0.74109
published_at 2026-04-12T12:55:00Z
6
value 0.00803
scoring_system epss
scoring_elements 0.74126
published_at 2026-04-11T12:55:00Z
7
value 0.00803
scoring_system epss
scoring_elements 0.74105
published_at 2026-04-09T12:55:00Z
8
value 0.00803
scoring_system epss
scoring_elements 0.7409
published_at 2026-04-08T12:55:00Z
9
value 0.00803
scoring_system epss
scoring_elements 0.7406
published_at 2026-04-02T12:55:00Z
10
value 0.00803
scoring_system epss
scoring_elements 0.74057
published_at 2026-04-07T12:55:00Z
11
value 0.00803
scoring_system epss
scoring_elements 0.74086
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-40152
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:39:21Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40152
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/FasterXML/woodstox
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox
6
reference_url https://github.com/FasterXML/woodstox/issues/157
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/issues/157
7
reference_url https://github.com/FasterXML/woodstox/issues/160
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/issues/160
8
reference_url https://github.com/FasterXML/woodstox/pull/159
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/pull/159
9
reference_url https://github.com/x-stream/xstream/issues/304
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:39:21Z/
url https://github.com/x-stream/xstream/issues/304
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40152
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40152
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032089
reference_id 1032089
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032089
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2134291
reference_id 2134291
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2134291
13
reference_url https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
reference_id GHSA-3f7h-mf4q-vrm4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
14
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
15
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
16
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
17
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
18
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
19
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
20
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
21
reference_url https://access.redhat.com/errata/RHSA-2023:3641
reference_id RHSA-2023:3641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3641
22
reference_url https://access.redhat.com/errata/RHSA-2023:3815
reference_id RHSA-2023:3815
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3815
23
reference_url https://access.redhat.com/errata/RHSA-2023:4983
reference_id RHSA-2023:4983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4983
24
reference_url https://access.redhat.com/errata/RHSA-2025:4437
reference_id RHSA-2025:4437
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4437
fixed_packages
0
url pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
purl pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
1
url pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
purl pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
aliases CVE-2022-40152, GHSA-3f7h-mf4q-vrm4
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqzr-vc5w-9ff5
3
url VCID-kkjc-yykt-t3f3
vulnerability_id VCID-kkjc-yykt-t3f3
summary
Denial of Service due to parser crash
## Withdrawn

This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue [here](https://github.com/x-stream/xstream/issues/304#issuecomment-1293654236) for more information.

## Original Description

Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

This vulnerability is only relevant for users making use of the DTD parsing functionality.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40153.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40153.json
1
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49858
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49858
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/FasterXML/woodstox
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox
4
reference_url https://github.com/FasterXML/woodstox/issues/157
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/issues/157
5
reference_url https://github.com/FasterXML/woodstox/issues/160
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/issues/160
6
reference_url https://github.com/FasterXML/woodstox/pull/159
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/pull/159
7
reference_url https://github.com/x-stream/xstream/issues/304
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/issues/304
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40153
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40153
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2134290
reference_id 2134290
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2134290
10
reference_url https://github.com/advisories/GHSA-fv22-xp26-mm9w
reference_id GHSA-fv22-xp26-mm9w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fv22-xp26-mm9w
11
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
fixed_packages
0
url pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
purl pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
1
url pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
purl pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
aliases CVE-2022-40153, GHSA-fv22-xp26-mm9w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkjc-yykt-t3f3
4
url VCID-zcks-qd7r-vkd9
vulnerability_id VCID-zcks-qd7r-vkd9
summary
Denial of Service via stack overflow
## Withdrawn

This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue [here](https://github.com/x-stream/xstream/issues/304#issuecomment-1293654236) for more information.

## Original Description

Those using FasterXML/woodstox to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

This vulnerability is only relevant for users making use of the DTD parsing functionality.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40154.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40154.json
1
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50393
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50393
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/FasterXML/woodstox
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox
4
reference_url https://github.com/FasterXML/woodstox/issues/157
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/issues/157
5
reference_url https://github.com/FasterXML/woodstox/issues/160
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/issues/160
6
reference_url https://github.com/FasterXML/woodstox/pull/159
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/pull/159
7
reference_url https://github.com/x-stream/xstream/issues/304
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/issues/304
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40154
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40154
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2128959
reference_id 2128959
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2128959
10
reference_url https://github.com/advisories/GHSA-9fwf-46g9-45rx
reference_id GHSA-9fwf-46g9-45rx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9fwf-46g9-45rx
11
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
fixed_packages
0
url pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
purl pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
1
url pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
purl pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
aliases CVE-2022-40154, GHSA-9fwf-46g9-45rx
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zcks-qd7r-vkd9
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0