CVE-2021-37714 - Denial of Service (DoS)

Severity: High2021-12-10

Security Advisories

Abstract

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack.

The Oxygen Feedback product incorporates the jsoup as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen Feedback 1.4.3 and olderHigh Oxygen Feedback 1.4.4 build 2021062217

Mitigation

None

Detail

CVE-2021-37714

Severity: High

CVSS Score: 7.5

The jsoup third-party library used by Oxygen XML software products is an affected version mentioned in CVE-2021-37714 vulnerability description.

Starting with Oxygen Feedback version 1.4.4, the jsoup was updated to version 1.14.2, which includes a fix for CVE-2021-37714.

List of Security Advisories

Video Tutorials
Upcoming Events
conference
Declarative Amsterdam 2024

Products

Features

Shop

Resources

Support

Company

© 2002-2024 SyncRO Soft SRL. All rights reserved.

This website was created & generated with <oXygen/>®XML Editor