{"affected_release": [{"advisory": "RHSA-2023:2100", "cpe": "cpe:/a:redhat:camel_spring_boot:3.20.1", "impact": "moderate", "package": "JXPath", "product_name": "RHINT Camel-Springboot 3.20.1", "release_date": "2023-05-03T00:00:00Z"}], "bugzilla": {"description": "JXPath: untrusted XPath expressions may lead to RCE attack", "id": "2136128", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136128"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-470", "details": ["A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to evaluate untrusted XPath expressions, which may lead to a remote code execution attack."], "name": "CVE-2022-41852", "package_state": [{"cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1", "fix_state": "Affected", "package_name": "JXPath", "product_name": "Migration Toolkit for Runtimes"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "JXPath", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "apache-commons-jxpath", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "impact": "moderate", "package_name": "JXPath", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "impact": "moderate", "package_name": "JXPath", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Not affected", "impact": "moderate", "package_name": "JXPath", "product_name": "Red Hat Integration Camel Quarkus 1"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "JXPath", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Out of support scope", "package_name": "JXPath", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "impact": "low", "package_name": "JXPath", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "JXPath", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "JXPath", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "JXPath", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "JXPath", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "impact": "moderate", "package_name": "rh-maven36-apache-commons-jxpath", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Not affected", "package_name": "JXPath", "product_name": "streams for Apache Kafka"}], "public_date": "2022-10-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-41852\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-41852"], "threat_severity": "Important"}