{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33663?format=json","vulnerability_id":"VCID-nnhm-vcmu-gkd7","summary":"Denial of service in Apache Xerces2\nApache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.","aliases":[{"alias":"CVE-2012-0881"},{"alias":"GHSA-vmqm-g3vh-847m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20333?format=json","purl":"pkg:maven/xerces/xercesImpl@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.12.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/147741?format=json","purl":"pkg:maven/xerces/xercesImpl@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gpd-vwgb-67cn"},{"vulnerability":"VCID-a6wc-3mp6-63ek"},{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"},{"vulnerability":"VCID-nnhm-vcmu-gkd7"},{"vulnerability":"VCID-qfw9-f3rm-kfah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/147742?format=json","purl":"pkg:maven/xerces/xercesImpl@2.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gpd-vwgb-67cn"},{"vulnerability":"VCID-a6wc-3mp6-63ek"},{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"},{"vulnerability":"VCID-nnhm-vcmu-gkd7"},{"vulnerability":"VCID-qfw9-f3rm-kfah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/147743?format=json","purl":"pkg:maven/xerces/xercesImpl@2.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gpd-vwgb-67cn"},{"vulnerability":"VCID-a6wc-3mp6-63ek"},{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"},{"vulnerability":"VCID-nnhm-vcmu-gkd7"},{"vulnerability":"VCID-qfw9-f3rm-kfah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/20064?format=json","purl":"pkg:maven/xerces/xercesImpl@2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gpd-vwgb-67cn"},{"vulnerability":"VCID-a6wc-3mp6-63ek"},{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"},{"vulnerability":"VCID-nnhm-vcmu-gkd7"},{"vulnerability":"VCID-qfw9-f3rm-kfah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/20065?format=json","purl":"pkg:maven/xerces/xercesImpl@2.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gpd-vwgb-67cn"},{"vulnerability":"VCID-a6wc-3mp6-63ek"},{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"},{"vulnerability":"VCID-nnhm-vcmu-gkd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/147744?format=json","purl":"pkg:maven/xerces/xercesImpl@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gpd-vwgb-67cn"},{"vulnerability":"VCID-a6wc-3mp6-63ek"},{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"},{"vulnerability":"VCID-nnhm-vcmu-gkd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/147745?format=json","purl":"pkg:maven/xerces/xercesImpl@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gpd-vwgb-67cn"},{"vulnerability":"VCID-a6wc-3mp6-63ek"},{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"},{"vulnerability":"VCID-nnhm-vcmu-gkd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/147746?format=json","purl":"pkg:maven/xerces/xercesImpl@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gpd-vwgb-67cn"},{"vulnerability":"VCID-a6wc-3mp6-63ek"},{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"},{"vulnerability":"VCID-nnhm-vcmu-gkd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/147747?format=json","purl":"pkg:maven/xerces/xercesImpl@2.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gpd-vwgb-67cn"},{"vulnerability":"VCID-a6wc-3mp6-63ek"},{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"},{"vulnerability":"VCID-nnhm-vcmu-gkd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/147748?format=json","purl":"pkg:maven/xerces/xercesImpl@2.6.2-jaxb-1.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gpd-vwgb-67cn"},{"vulnerability":"VCID-a6wc-3mp6-63ek"},{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"},{"vulnerability":"VCID-nnhm-vcmu-gkd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.6.2-jaxb-1.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/147749?format=json","purl":"pkg:maven/xerces/xercesImpl@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gpd-vwgb-67cn"},{"vulnerability":"VCID-a6wc-3mp6-63ek"},{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"},{"vulnerability":"VCID-nnhm-vcmu-gkd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/147750?format=json","purl":"pkg:maven/xerces/xercesImpl@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gpd-vwgb-67cn"},{"vulnerability":"VCID-a6wc-3mp6-63ek"},{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"},{"vulnerability":"VCID-nnhm-vcmu-gkd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/147751?format=json","purl":"pkg:maven/xerces/xercesImpl@2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gpd-vwgb-67cn"},{"vulnerability":"VCID-a6wc-3mp6-63ek"},{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"},{"vulnerability":"VCID-nnhm-vcmu-gkd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/147752?format=json","purl":"pkg:maven/xerces/xercesImpl@2.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gpd-vwgb-67cn"},{"vulnerability":"VCID-a6wc-3mp6-63ek"},{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"},{"vulnerability":"VCID-nnhm-vcmu-gkd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19956?format=json","purl":"pkg:maven/xerces/xercesImpl@2.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gpd-vwgb-67cn"},{"vulnerability":"VCID-a6wc-3mp6-63ek"},{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"},{"vulnerability":"VCID-nnhm-vcmu-gkd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/19957?format=json","purl":"pkg:maven/xerces/xercesImpl@2.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a6wc-3mp6-63ek"},{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"},{"vulnerability":"VCID-nnhm-vcmu-gkd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.10.0"},{"url":"http://public2.vulnerablecode.io/api/packages/20332?format=json","purl":"pkg:maven/xerces/xercesImpl@2.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a6wc-3mp6-63ek"},{"vulnerability":"VCID-c2s2-wsy6-sufn"},{"vulnerability":"VCID-c3c2-b2bc-6bdh"},{"vulnerability":"VCID-nnhm-vcmu-gkd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.11.0"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0881.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0881.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0881","reference_id":"","reference_type":"","scores":[{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.84028","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.84239","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.84207","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.84189","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.8419","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.84174","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.83997","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.84011","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.84149","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.84129","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.84123","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.84117","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.84092","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.8409","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.84088","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.84065","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.8407","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.84077","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.8406","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.84054","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.8403","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0881"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=787104","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=787104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881"},{"reference_url":"https://github.com/apache/xerces2-j/commit/992b5d9c24102ad20330d36c0a71162753a37449","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/xerces2-j/commit/992b5d9c24102ad20330d36c0a71162753a37449"},{"reference_url":"https://issues.apache.org/jira/browse/XERCESJ-1685","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/XERCESJ-1685"},{"reference_url":"https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56@%3Ccommon-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56@%3Ccommon-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56%40%3Ccommon-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56%40%3Ccommon-issues.hadoop.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0881","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0881"},{"reference_url":"https://www.openwall.com/lists/oss-security/2014/07/08/11","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2014/07/08/11"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/07/08/11","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2014/07/08/11"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-vmqm-g3vh-847m","reference_id":"GHSA-vmqm-g3vh-847m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vmqm-g3vh-847m"}],"weaknesses":[{"cwe_id":400,"name":"Uncontrolled Resource Consumption","description":"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources."},{"cwe_id":407,"name":"Inefficient Algorithmic Complexity","description":"An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":399,"name":"Resource Management Errors","description":"Weaknesses in this category are related to improper management of system resources."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nnhm-vcmu-gkd7"}