CVE-2022-40159

** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
apacheCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
apachecommons_jxpath
𝑥
≤ 1.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libcommons-jxpath-java
noble
not-affected
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47057
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47057