xerces:xercesImpl vulnerabilities

Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program. The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual. Xerces2 is a fully conforming XML Schema 1.0 processor. A partial experimental implementation of the XML Schema 1.1 Structures and Datatypes Working Drafts (December 2009) and an experimental implementation of the XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010) are provided for evaluation. For more information, refer to the XML Schema page. Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1. Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.

Latest version

2.12.1

First published

16 years ago

Latest version published

2 months ago

Licenses detected

Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the xerces:xercesImpl package. This does not include vulnerabilities belonging to this package’s dependencies.

Report new vulnerabilities
Vulnerability Vulnerable versions Snyk patch Published
  • M
Improper Input Validation
[,2.12.0.SP03) Not available 14 Sep, 2020
  • M
Denial of Service (DoS)
[,2.10.0) Not available 04 Dec, 2017
  • H
Denial of Service (DoS)
[0,2.12.0) Not available 16 Nov, 2017
  • M
Denial of Service (DoS)
[,2.11.0) Not available 08 Sep, 2017
  • M
Denial of Service (DoS)
[,2.11.0.SP5) Not available 15 Oct, 2013
  • M
XML Parsing Infinite Loop
[,2.3.0) Not available 06 Jun, 2012
Versions
Version Published Licenses Direct Vulnerabilities
xerces:xercesImpl 2.12.1
Latest
04 Jan, 2021 Apache-2.0
  • 0 H
  • 0 M
  • 0 L
xerces:xercesImpl 2.12.0 22 Jun, 2018 Apache-2.0
  • 0 H
  • 1 M
  • 0 L
xerces:xercesImpl 2.11.0 20 Feb, 2013 Apache-2.0
  • 1 H
  • 2 M
  • 0 L
xerces:xercesImpl 2.10.0 15 Aug, 2011 Apache-2.0
  • 1 H
  • 3 M
  • 0 L
xerces:xercesImpl 2.6.2-jaxb-1.0.6 20 May, 2010 Apache-2.0
  • 1 H
  • 4 M
  • 0 L
xerces:xercesImpl 2.9.1 01 Oct, 2008 Apache-2.0
  • 1 H
  • 4 M
  • 0 L
xerces:xercesImpl 2.9.0 01 Oct, 2008 Apache-2.0
  • 1 H
  • 4 M
  • 0 L
xerces:xercesImpl 2.8.1 07 Oct, 2006 Apache-2.0
  • 1 H
  • 4 M
  • 0 L
xerces:xercesImpl 2.8.0 10 Apr, 2006 Apache-2.0
  • 1 H
  • 4 M
  • 0 L
xerces:xercesImpl 2.2.1 27 Dec, 2005 Apache-2.0
  • 1 H
  • 5 M
  • 0 L
xerces:xercesImpl 2.7.1 22 Nov, 2005 Apache-2.0
  • 1 H
  • 4 M
  • 0 L
xerces:xercesImpl 2.6.0 22 Nov, 2005 Apache-2.0
  • 1 H
  • 4 M
  • 0 L
xerces:xercesImpl 2.0.2 22 Nov, 2005 Apache-2.0
  • 1 H
  • 5 M
  • 0 L
xerces:xercesImpl 2.3.0 22 Nov, 2005 Apache-2.0
  • 1 H
  • 4 M
  • 0 L
xerces:xercesImpl 2.4.0 22 Nov, 2005 Apache-2.0
  • 1 H
  • 4 M
  • 0 L
xerces:xercesImpl 2.5.0 22 Nov, 2005 Apache-2.0
  • 1 H
  • 4 M
  • 0 L
xerces:xercesImpl 2.0.0 22 Nov, 2005 Apache-2.0
  • 1 H
  • 5 M
  • 0 L
xerces:xercesImpl 2.6.2 01 Nov, 2005 Apache-2.0
  • 1 H
  • 4 M
  • 0 L
xerces:xercesImpl 2.6.1 01 Aug, 2005 Apache-2.0
  • 1 H
  • 4 M
  • 0 L