Back to search
CVE-2020-14338
Published: Sep 17, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.
| Vendor | Product | Versions |
|---|---|---|
n/a | Wildfly | affected All xerces jboss versions before 2.12.0.SP3 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1860054
x_refsource_MISC
[xerces-j-users] 20201014 Security vulnerability in 2.12.0
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now