CVE-2023-34623 - Denial of Service (DoS)
Severity: High2023-07-19
Abstract
An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
The Oxygen products incorporate jtidy as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen XML Author v25.1 and older | High | Oxygen XML Author 25.1 build 2023070306 |
Oxygen XML Developer v25.1 and older | High | Oxygen XML Developer 25.1 build 2023070306 |
Oxygen XML Editor v25.1 and older | High | Oxygen XML Editor 25.1 build 2023070306 |
Detail
CVE-2023-34623
Severity: High
CVSS Score: 7.5
The jtidy third-party library used by Oxygen XML products is an affected version mentioned in CVE-2023-34623 vulnerability description.
Starting with Oxygen XML v25.1 build 2023070306 jtidy library was updated to a version which fixes this vulnerability.