CVE-2020-14338

A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:xerces:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:xerces:2.12.0:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:xerces:2.12.0:sp2:*:*:*:*:*:*

Information

Published : 2020-09-17 08:15

Updated : 2020-10-19 14:15


NVD link : CVE-2020-14338

Mitre link : CVE-2020-14338


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

redhat

  • xerces