VulnerableCode Package Details - pkg:maven/xerces/xercesImpl@2.10.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-a6wc-3mp6-63ek Aliases: CVE-2013-4002 GHSA-7j4h-8wpf-rqfh	XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.	2.12.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-c2s2-wsy6-sufn Aliases: CVE-2022-23437 GHSA-h65f-jvqw-m9fj	XML Injection (aka Blind XPath Injection) There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.	2.12.2 Affected by 0 other vulnerabilities.
VCID-c3c2-b2bc-6bdh Aliases: CVE-2020-14338 GHSA-w4jq-qh47-hvjq	Improper Input Validation A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.	2.12.sp3 Affected by 0 other vulnerabilities. 2.12.0.sp3 Affected by 0 other vulnerabilities. 2.12.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-nnhm-vcmu-gkd7 Aliases: CVE-2012-0881 GHSA-vmqm-g3vh-847m	Denial of service in Apache Xerces2 Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.	2.12.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-a6wc-3mp6-63ek
Aliases:
CVE-2013-4002
GHSA-7j4h-8wpf-rqfh

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.

2.12.0
Affected by 2 other vulnerabilities.

VCID-c2s2-wsy6-sufn
Aliases:
CVE-2022-23437
GHSA-h65f-jvqw-m9fj

XML Injection (aka Blind XPath Injection) There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

2.12.2
Affected by 0 other vulnerabilities.

VCID-c3c2-b2bc-6bdh
Aliases:
CVE-2020-14338
GHSA-w4jq-qh47-hvjq

Improper Input Validation A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.

2.12.sp3
Affected by 0 other vulnerabilities.

2.12.0.sp3
Affected by 0 other vulnerabilities.

2.12.1
Affected by 1 other vulnerability.

VCID-nnhm-vcmu-gkd7
Aliases:
CVE-2012-0881
GHSA-vmqm-g3vh-847m

Denial of service in Apache Xerces2 Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.

2.12.0
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2gpd-vwgb-67cn	XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.	CVE-2009-2625 GHSA-334p-wv2m-w3vp

Vulnerability

Summary

Aliases

VCID-2gpd-vwgb-67cn

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

CVE-2009-2625
GHSA-334p-wv2m-w3vp

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:40:34.576305+00:00	GitLab Importer	Affected by	VCID-c3c2-b2bc-6bdh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	38.4.0
2026-04-16T21:38:06.197519+00:00	GitLab Importer	Affected by	VCID-c2s2-wsy6-sufn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	38.4.0
2026-04-16T21:04:30.828627+00:00	GitLab Importer	Affected by	VCID-nnhm-vcmu-gkd7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2012-0881.yml	38.4.0
2026-04-16T20:30:44.798154+00:00	GitLab Importer	Affected by	VCID-a6wc-3mp6-63ek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2013-4002.yml	38.4.0
2026-04-16T20:29:51.034324+00:00	GitLab Importer	Fixing	VCID-2gpd-vwgb-67cn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2009-2625.yml	38.4.0
2026-04-11T22:55:53.620221+00:00	GitLab Importer	Affected by	VCID-c3c2-b2bc-6bdh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	38.3.0
2026-04-11T22:52:34.040863+00:00	GitLab Importer	Affected by	VCID-c2s2-wsy6-sufn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	38.3.0
2026-04-11T22:15:56.544443+00:00	GitLab Importer	Affected by	VCID-nnhm-vcmu-gkd7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2012-0881.yml	38.3.0
2026-04-11T21:41:08.986034+00:00	GitLab Importer	Affected by	VCID-a6wc-3mp6-63ek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2013-4002.yml	38.3.0
2026-04-11T21:40:23.485196+00:00	GitLab Importer	Fixing	VCID-2gpd-vwgb-67cn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2009-2625.yml	38.3.0
2026-04-02T23:04:56.451230+00:00	GitLab Importer	Affected by	VCID-c3c2-b2bc-6bdh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	38.1.0
2026-04-02T23:01:57.525898+00:00	GitLab Importer	Affected by	VCID-c2s2-wsy6-sufn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	38.1.0
2026-04-02T22:28:08.682392+00:00	GitLab Importer	Affected by	VCID-nnhm-vcmu-gkd7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2012-0881.yml	38.1.0
2026-04-02T21:55:19.095141+00:00	GitLab Importer	Affected by	VCID-a6wc-3mp6-63ek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2013-4002.yml	38.1.0
2026-04-02T21:54:24.624678+00:00	GitLab Importer	Fixing	VCID-2gpd-vwgb-67cn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2009-2625.yml	38.1.0
2026-04-01T17:23:54.583183+00:00	GitLab Importer	Affected by	VCID-c3c2-b2bc-6bdh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	38.0.0
2026-04-01T17:20:48.636719+00:00	GitLab Importer	Affected by	VCID-c2s2-wsy6-sufn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	38.0.0
2026-04-01T16:46:05.153754+00:00	GitLab Importer	Affected by	VCID-nnhm-vcmu-gkd7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2012-0881.yml	38.0.0
2026-04-01T16:12:33.901867+00:00	GitLab Importer	Affected by	VCID-a6wc-3mp6-63ek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2013-4002.yml	38.0.0
2026-04-01T15:58:15.107502+00:00	GHSA Importer	Fixing	VCID-2gpd-vwgb-67cn	https://github.com/advisories/GHSA-334p-wv2m-w3vp	38.0.0
2026-04-01T13:00:30.567698+00:00	GithubOSV Importer	Fixing	VCID-2gpd-vwgb-67cn	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-334p-wv2m-w3vp/GHSA-334p-wv2m-w3vp.json	38.0.0
2026-04-01T12:46:45.666566+00:00	GitLab Importer	Fixing	VCID-2gpd-vwgb-67cn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2009-2625.yml	38.0.0