VulnerableCode Package Details - pkg:maven/xerces/xercesImpl@2.12.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-m6y6-tzxd-aaas Aliases: CVE-2022-23437 GHSA-h65f-jvqw-m9fj	Infinite Loop in Apache Xerces Java	2.12.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-m6y6-tzxd-aaas
Aliases:
CVE-2022-23437
GHSA-h65f-jvqw-m9fj

Infinite Loop in Apache Xerces Java

2.12.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ff7b-9g5f-aaar	A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.	CVE-2020-14338 GHSA-w4jq-qh47-hvjq

Vulnerability

Summary

Aliases

VCID-ff7b-9g5f-aaar

A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.

CVE-2020-14338
GHSA-w4jq-qh47-hvjq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T15:31:42.428368+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	36.1.3
2025-06-20T15:31:42.372522+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	None	36.1.3
2025-06-20T15:26:28.556606+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	None	36.1.3
2025-06-20T15:26:24.660702+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	36.1.3
2025-06-03T22:12:29.142144+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	36.1.0
2025-06-03T22:12:29.095022+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	None	36.1.0
2025-06-03T22:07:53.956539+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	None	36.1.0
2025-06-03T22:07:48.075073+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	36.1.0
2025-06-02T22:00:18.951356+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	36.1.2
2025-06-02T22:00:18.896205+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	None	36.1.2
2025-06-02T21:54:52.240810+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	None	36.1.2
2025-06-02T21:54:48.433658+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	36.1.2
2025-04-03T19:21:02.679297+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	36.0.0
2025-04-03T19:21:02.532081+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	None	36.0.0
2025-04-03T19:10:05.042704+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	None	36.0.0
2025-04-03T19:09:59.903560+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	36.0.0
2025-02-18T07:40:17.785330+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	35.1.0
2025-02-18T07:40:17.647774+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	None	35.1.0
2025-02-18T06:30:42.055063+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	35.1.0
2025-02-18T06:30:41.910173+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	None	35.1.0
2024-11-21T03:10:51.000894+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	35.0.0
2024-11-21T02:33:03.715372+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	35.0.0
2024-11-19T02:53:48.342208+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	34.3.2
2024-11-19T02:23:11.379950+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	34.3.2
2024-10-08T03:29:40.589173+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	34.0.2
2024-10-08T02:50:46.833437+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	34.0.2
2024-10-07T20:08:08.559531+00:00	GHSA Importer	Affected by	VCID-m6y6-tzxd-aaas	https://github.com/advisories/GHSA-h65f-jvqw-m9fj	34.0.2
2024-10-07T18:25:35.907628+00:00	GHSA Importer	Fixing	VCID-ff7b-9g5f-aaar	https://github.com/advisories/GHSA-w4jq-qh47-hvjq	34.0.2
2024-09-23T03:24:33.764806+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	34.0.1
2024-09-23T02:48:03.432930+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	34.0.1
2024-09-22T20:51:57.680388+00:00	GHSA Importer	Affected by	VCID-m6y6-tzxd-aaas	https://github.com/advisories/GHSA-h65f-jvqw-m9fj	34.0.1
2024-09-22T19:13:21.058395+00:00	GHSA Importer	Fixing	VCID-ff7b-9g5f-aaar	https://github.com/advisories/GHSA-w4jq-qh47-hvjq	34.0.1
2024-04-24T06:05:12.781292+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	34.0.0rc4
2024-04-24T06:05:12.604677+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	None	34.0.0rc4
2024-04-24T05:23:18.679048+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	34.0.0rc4
2024-04-24T05:23:18.499821+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	None	34.0.0rc4
2024-04-23T22:25:55.054466+00:00	GHSA Importer	Affected by	VCID-m6y6-tzxd-aaas	https://github.com/advisories/GHSA-h65f-jvqw-m9fj	34.0.0rc4
2024-04-23T22:25:54.864838+00:00	GHSA Importer	Affected by	VCID-m6y6-tzxd-aaas	None	34.0.0rc4
2024-04-23T20:02:49.150773+00:00	GHSA Importer	Fixing	VCID-ff7b-9g5f-aaar	https://github.com/advisories/GHSA-w4jq-qh47-hvjq	34.0.0rc4
2024-04-23T20:02:48.805875+00:00	GHSA Importer	Fixing	VCID-ff7b-9g5f-aaar	None	34.0.0rc4
2024-01-10T08:36:24.994161+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	34.0.0rc2
2024-01-10T08:36:24.823469+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	None	34.0.0rc2
2024-01-10T07:54:59.422868+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	34.0.0rc2
2024-01-10T07:54:59.241395+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	None	34.0.0rc2
2024-01-10T00:23:16.098433+00:00	GHSA Importer	Affected by	VCID-m6y6-tzxd-aaas	https://github.com/advisories/GHSA-h65f-jvqw-m9fj	34.0.0rc2
2024-01-10T00:23:15.905060+00:00	GHSA Importer	Affected by	VCID-m6y6-tzxd-aaas	None	34.0.0rc2
2024-01-09T21:54:35.969553+00:00	GHSA Importer	Fixing	VCID-ff7b-9g5f-aaar	https://github.com/advisories/GHSA-w4jq-qh47-hvjq	34.0.0rc2
2024-01-09T21:54:35.608809+00:00	GHSA Importer	Fixing	VCID-ff7b-9g5f-aaar	None	34.0.0rc2
2024-01-04T01:21:38.106552+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2020-14338.yml	34.0.0rc1
2024-01-04T01:21:37.932360+00:00	GitLab Importer	Fixing	VCID-ff7b-9g5f-aaar	None	34.0.0rc1
2024-01-04T00:40:10.278060+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/xerces/xercesImpl/CVE-2022-23437.yml	34.0.0rc1
2024-01-04T00:40:10.090481+00:00	GitLab Importer	Affected by	VCID-m6y6-tzxd-aaas	None	34.0.0rc1
2024-01-03T17:40:34.833572+00:00	GHSA Importer	Fixing	VCID-ff7b-9g5f-aaar	https://github.com/advisories/GHSA-w4jq-qh47-hvjq	34.0.0rc1
2024-01-03T16:39:01.179068+00:00	GHSA Importer	Fixing	VCID-ff7b-9g5f-aaar	None	34.0.0rc1

2025-06-20T15:31:42.428368+00:00

GitLab Importer

Fixing

Next non-vulnerable version	2.12.2
Latest non-vulnerable version	2.12.2
Risk	3.2