Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-40159

** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid.

Published

2022-10-06T18:16:49.693

Last Modified

2024-11-21T07:20:59.520

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-121
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	commons_jxpath	≤ 1.3	Yes

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47057 ([email protected])
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47057 (af854a3a-2127-422b-91ae-364da2661108)