One of the advisories addresses multiple critical-severity vulnerabilities in Expat (libexpat), a third-party stream-oriented XML parser library.
Juniper’s advisory details 15 Expat vulnerabilities resolved with the latest Junos OS releases, seven of which are rated ‘critical severity’ (CVSS score of 9.8). Although disclosed over the past two years, the flaws are not known to be exploited in malicious attacks.
Updates that address these vulnerabilities were released for Junos OS versions 19.4 to 22.2. Juniper recommends using access lists or firewall filters to reduce the risks associated with these bugs.