VulnerableCode Package Details - pkg:maven/xerces/xercesImpl@2.12.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-c2s2-wsy6-sufn Aliases: CVE-2022-23437 GHSA-h65f-jvqw-m9fj	XML Injection (aka Blind XPath Injection) There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.	2.12.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-c2s2-wsy6-sufn
Aliases:
CVE-2022-23437
GHSA-h65f-jvqw-m9fj

XML Injection (aka Blind XPath Injection) There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

2.12.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-c3c2-b2bc-6bdh	Improper Input Validation A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.	CVE-2020-14338 GHSA-w4jq-qh47-hvjq

Vulnerability

Summary

Aliases

VCID-c3c2-b2bc-6bdh

Improper Input Validation A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.

CVE-2020-14338
GHSA-w4jq-qh47-hvjq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:40:34.586372+00:00	GitLab Importer	Fixing	VCID-c3c2-b2bc-6bdh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	38.4.0
2026-04-16T21:38:06.201324+00:00	GitLab Importer	Affected by	VCID-c2s2-wsy6-sufn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	38.4.0
2026-04-11T22:55:53.630676+00:00	GitLab Importer	Fixing	VCID-c3c2-b2bc-6bdh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	38.3.0
2026-04-11T22:52:34.051166+00:00	GitLab Importer	Affected by	VCID-c2s2-wsy6-sufn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	38.3.0
2026-04-02T23:04:56.460899+00:00	GitLab Importer	Fixing	VCID-c3c2-b2bc-6bdh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	38.1.0
2026-04-02T23:01:57.535560+00:00	GitLab Importer	Affected by	VCID-c2s2-wsy6-sufn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	38.1.0
2026-04-01T17:23:54.594020+00:00	GitLab Importer	Fixing	VCID-c3c2-b2bc-6bdh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	38.0.0
2026-04-01T17:20:48.650071+00:00	GitLab Importer	Affected by	VCID-c2s2-wsy6-sufn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	38.0.0