We are dealing with these vulnerabilities; these are issues with the XML parser from the JDK. Our product uses both JDK-supplied parsers and some JBoss APIs to process the XML data. How do we know if we need to upgrade the JBoss-supported XML libraries to mitigate these vulnerabilities? Or do these vulnerabilities not affect the JBoss-supported XML parsers?
It was discovered that the JAXP component of OpenJDK did not enforce the maximum XML name limit (jdk.xml.MaxXMLNameLimit) when parsing XML files. A specially crafted XML document could cause a Java application using JAXP to consume an excessive amount of memory and CPU time when parsed.
It was discovered that the JAXP component of OpenJDK did not use efficient data structures to store data from parsed XML documents. A specially-crafted XML input could cause a Java application using JAXP to use an excessive amount of CPU time by e.g. triggering hash collisions.
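One way to see which JAXP implementations an application actually resolves at run time, and whether each comes from the JDK or from a separately packaged library, is to ask each factory for its implementation class and code source. This is an added example, not part of the original post or of any JBoss or OpenJDK code; the class name `JaxpProviderReport` is hypothetical, and it assumes the code is invoked from inside the deployed application so that the application's class loader performs the lookup.

```java
import java.security.CodeSource;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.stream.XMLInputFactory;
import javax.xml.transform.TransformerFactory;

// Hypothetical helper class; call report() from inside the deployed application
// so that the application's own class loader performs the JAXP lookup.
public class JaxpProviderReport {

    // Returns the implementation class and the location it was loaded from.
    static String describe(String api, Object factory) {
        Class<?> impl = factory.getClass();
        CodeSource src = impl.getProtectionDomain().getCodeSource();
        // JDK classes have no code source (boot loader) or a jrt:/ URL (JDK 9+).
        String where = (src == null || src.getLocation() == null)
                ? "(no code source: JDK boot class loader)"
                : src.getLocation().toString();
        boolean jdk = src == null || src.getLocation() == null || where.startsWith("jrt:");
        return String.format("%-24s %s%n  origin: %s%n  source: %s%n", api, impl.getName(),
                jdk ? "JDK built-in JAXP" : "separate library", where);
    }

    static String report() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        SAXParserFactory spf = SAXParserFactory.newInstance();
        StringBuilder out = new StringBuilder();
        out.append(describe("DocumentBuilderFactory", dbf));
        out.append(describe("SAXParserFactory", spf));
        out.append(describe("XMLInputFactory", XMLInputFactory.newInstance()));
        out.append(describe("TransformerFactory", TransformerFactory.newInstance()));
        // Secure processing is the JAXP feature under which processing limits apply.
        out.append("DOM secure processing: ")
           .append(dbf.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING)).append('\n');
        out.append("SAX secure processing: ")
           .append(spf.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING)).append('\n');
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.print(report());
    }
}
```

Factories reported as JDK built-in (implementation classes under `com.sun.org.apache...`) are the JAXP component the descriptions above refer to and are addressed by the JDK update; a factory loaded from a separate jar has to be checked against that library's own advisories.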