Description
** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid.
References (1)
Core 1
Core References
Issue Tracking
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47053
Scores
CVSS v3
6.5
EPSS
0.0197
EPSS Percentile
83.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-121
CWE-787
Status
published
Products (2)
apache/commons_jxpath
< 1.3
commons-jxpath/commons-jxpath
0Maven
Published
Oct 06, 2022
Tracked Since
Feb 18, 2026