VulnerableCode Package Details - pkg:deb/debian/libxerces2-java@2.12.2-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-96gv-ug8n-juhb	XML Injection in Xerces Java affects Nokogiri ## Summary Nokogiri v1.13.4 updates the vendored `xerces:xercesImpl` from 2.12.0 to 2.12.2, which addresses [CVE-2022-23437](https://nvd.nist.gov/vuln/detail/CVE-2022-23437). That CVE is scored as CVSS 6.5 "Medium" on the NVD record. Please note that this advisory only applies to the JRuby implementation of Nokogiri `< 1.13.4`. ## Mitigation Upgrade to Nokogiri `>= v1.13.4`. ## Impact ### [CVE-2022-23437](https://nvd.nist.gov/vuln/detail/CVE-2022-23437) in xerces-J - Severity: Medium - Type: [CWE-91](https://cwe.mitre.org/data/definitions/91.html) XML Injection (aka Blind XPath Injection) - Description: There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions. - See also: https://github.com/advisories/GHSA-h65f-jvqw-m9fj	CVE-2022-23437 GHSA-h65f-jvqw-m9fj GHSA-xxx9-3xcr-gjj3 GMS-2022-788

Vulnerability

Summary

Aliases

VCID-96gv-ug8n-juhb

XML Injection in Xerces Java affects Nokogiri ## Summary Nokogiri v1.13.4 updates the vendored `xerces:xercesImpl` from 2.12.0 to 2.12.2, which addresses [CVE-2022-23437](https://nvd.nist.gov/vuln/detail/CVE-2022-23437). That CVE is scored as CVSS 6.5 "Medium" on the NVD record. Please note that this advisory only applies to the **JRuby** implementation of Nokogiri `< 1.13.4`. ## Mitigation Upgrade to Nokogiri `>= v1.13.4`. ## Impact ### [CVE-2022-23437](https://nvd.nist.gov/vuln/detail/CVE-2022-23437) in xerces-J - **Severity**: Medium - **Type**: [CWE-91](https://cwe.mitre.org/data/definitions/91.html) XML Injection (aka Blind XPath Injection) - **Description**: There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions. - **See also**: https://github.com/advisories/GHSA-h65f-jvqw-m9fj

CVE-2022-23437
GHSA-h65f-jvqw-m9fj
GHSA-xxx9-3xcr-gjj3
GMS-2022-788

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T12:40:04.480787+00:00	Debian Importer	Fixing	VCID-96gv-ug8n-juhb	https://security-tracker.debian.org/tracker/data/json	37.0.0

2025-08-01T12:40:04.480787+00:00

Debian Importer

Fixing

VCID-96gv-ug8n-juhb

https://security-tracker.debian.org/tracker/data/json

37.0.0