Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/143399?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/143399?format=api", "purl": "pkg:maven/org.apache.santuario/xmlsec@1.4.0", "type": "maven", "namespace": "org.apache.santuario", "name": "xmlsec", "version": "1.4.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.1.7", "latest_non_vulnerable_version": "3.0.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4933?format=api", "vulnerability_id": "VCID-64x5-tgkj-9qb9", "summary": "jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak \"canonicalization algorithm to apply to the SignedInfo part of the Signature.\"", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1217.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1217.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1218.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1218.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1219.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1219.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1220.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1220.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1375.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1375.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1853.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1853.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0212.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2172.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2172.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2172", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05394", "scoring_system": "epss", "scoring_elements": "0.90137", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05394", "scoring_system": "epss", "scoring_elements": "0.90081", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05394", "scoring_system": "epss", "scoring_elements": "0.90084", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05394", "scoring_system": "epss", "scoring_elements": "0.90095", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05394", "scoring_system": "epss", "scoring_elements": "0.901", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05394", "scoring_system": "epss", "scoring_elements": "0.90115", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05394", "scoring_system": "epss", "scoring_elements": "0.90121", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05394", "scoring_system": "epss", "scoring_elements": "0.9013", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05394", "scoring_system": "epss", "scoring_elements": "0.90129", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05394", "scoring_system": "epss", "scoring_elements": "0.90123", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05394", "scoring_system": "epss", "scoring_elements": "0.90141", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2172" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2172", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2172" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2172", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2172" }, { "reference_url": "http://seclists.org/fulldisclosure/2014/Dec/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "reference_url": "https://github.com/apache/santuario-java", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/santuario-java" }, { "reference_url": "https://github.com/apache/santuario-java/commit/25e0e11493b061749f778030036cb5c406b34590", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/santuario-java/commit/25e0e11493b061749f778030036cb5c406b34590" }, { "reference_url": "https://github.com/apache/santuario-java/commit/8e8f8bf92a43608d7d5f9e357fae19244454a61f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/santuario-java/commit/8e8f8bf92a43608d7d5f9e357fae19244454a61f" }, { "reference_url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2172", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2172" }, { "reference_url": "http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h" }, { "reference_url": "https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20200228060314/http://www.securityfocus.com/bid/60846", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228060314/http://www.securityfocus.com/bid/60846" }, { "reference_url": "http://www.debian.org/security/2014/dsa-3065", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-3065" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2028-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2028-1" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720375", "reference_id": "720375", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720375" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=999263", "reference_id": "999263", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999263" }, { "reference_url": "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc", "reference_id": "CVE-2013-2172.TXT.ASC", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc" }, { "reference_url": "https://github.com/advisories/GHSA-r237-w2w6-jq3p", "reference_id": "GHSA-r237-w2w6-jq3p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r237-w2w6-jq3p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1207", "reference_id": "RHSA-2013:1207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1208", "reference_id": "RHSA-2013:1208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1209", "reference_id": "RHSA-2013:1209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1217", "reference_id": "RHSA-2013:1217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1218", "reference_id": "RHSA-2013:1218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1219", "reference_id": "RHSA-2013:1219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1220", "reference_id": "RHSA-2013:1220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1375", "reference_id": "RHSA-2013:1375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1437", "reference_id": "RHSA-2013:1437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1853", "reference_id": "RHSA-2013:1853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0212", "reference_id": "RHSA-2014:0212", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0212" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0400", "reference_id": "RHSA-2014:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0400" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1369", "reference_id": "RHSA-2014:1369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1369" }, { "reference_url": "https://usn.ubuntu.com/2028-1/", "reference_id": "USN-2028-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2028-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20400?format=api", "purl": "pkg:maven/org.apache.santuario/xmlsec@1.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46y3-rx34-pyc6" }, { "vulnerability": "VCID-h8wa-77tk-m3av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/20401?format=api", "purl": "pkg:maven/org.apache.santuario/xmlsec@1.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46y3-rx34-pyc6" }, { "vulnerability": "VCID-h8wa-77tk-m3av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.5.5" } ], "aliases": [ "CVE-2013-2172", "GHSA-r237-w2w6-jq3p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-64x5-tgkj-9qb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4981?format=api", "vulnerability_id": "VCID-6q4h-4h6p-nufq", "summary": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security.", "references": [ { "reference_url": "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/a7758faab30d", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/a7758faab30d" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0414", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0414" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5823.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5823.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5823", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04936", "scoring_system": "epss", "scoring_elements": "0.89636", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04936", "scoring_system": "epss", "scoring_elements": "0.89588", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04936", "scoring_system": "epss", "scoring_elements": "0.89591", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04936", "scoring_system": "epss", "scoring_elements": "0.89604", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04936", "scoring_system": "epss", "scoring_elements": "0.89605", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04936", "scoring_system": "epss", "scoring_elements": "0.89622", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04936", "scoring_system": "epss", "scoring_elements": "0.89627", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04936", "scoring_system": "epss", "scoring_elements": "0.89634", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04936", "scoring_system": "epss", "scoring_elements": "0.89633", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04936", "scoring_system": "epss", "scoring_elements": "0.89626", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04936", "scoring_system": "epss", "scoring_elements": "0.89641", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04936", "scoring_system": "epss", "scoring_elements": "0.89642", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5823" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5823", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5823" }, { "reference_url": "https://github.com/apache/santuario-java/commit/55a48497dfbf3fe63a81e67c13160b3f41ebb1f3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/santuario-java/commit/55a48497dfbf3fe63a81e67c13160b3f41ebb1f3" }, { "reference_url": "https://github.com/apache/santuario-java/commit/cea3c91106fb8be35e2f1bb3f1fe0cfddd0ec710", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/santuario-java/commit/cea3c91106fb8be35e2f1bb3f1fe0cfddd0ec710" }, { "reference_url": "https://github.com/apache/santuario-java/commit/f9a61f2df9473237aa71308c28113540b4063d33", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/santuario-java/commit/f9a61f2df9473237aa71308c28113540b4063d33" }, { "reference_url": "https://issues.apache.org/jira/browse/SANTUARIO-334", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/SANTUARIO-334" }, { "reference_url": "https://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html" }, { "reference_url": "https://marc.info/?l=bugtraq&m=138674031212883&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://marc.info/?l=bugtraq&m=138674031212883&w=2" }, { "reference_url": "https://marc.info/?l=bugtraq&m=138674073720143&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://marc.info/?l=bugtraq&m=138674073720143&w=2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5823", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5823" }, { "reference_url": "https://security.gentoo.org/glsa/glsa-201406-32.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1367492", "reference_id": "", "reference_type": "", "scores": [], "url": "http://svn.apache.org/viewvc?view=revision&revision=1367492" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019145", "reference_id": "1019145", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019145" }, { "reference_url": "https://bugzilla.redhat.com/CVE-2013-5823", "reference_id": "CVE-2013-5823", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/CVE-2013-5823" }, { "reference_url": "https://github.com/advisories/GHSA-8gwc-x7mg-7p7p", "reference_id": "GHSA-8gwc-x7mg-7p7p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8gwc-x7mg-7p7p" }, { "reference_url": "https://security.gentoo.org/glsa/201401-30", "reference_id": "GLSA-201401-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-30" }, { "reference_url": "https://security.gentoo.org/glsa/201406-32", "reference_id": "GLSA-201406-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1440", "reference_id": "RHSA-2013:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1447", "reference_id": "RHSA-2013:1447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1451", "reference_id": "RHSA-2013:1451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1505", "reference_id": "RHSA-2013:1505", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1505" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1507", "reference_id": "RHSA-2013:1507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1508", "reference_id": "RHSA-2013:1508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1793", "reference_id": "RHSA-2013:1793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1793" }, { "reference_url": "https://usn.ubuntu.com/2033-1/", "reference_id": "USN-2033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2033-1/" }, { "reference_url": "https://usn.ubuntu.com/2089-1/", "reference_id": "USN-2089-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2089-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20400?format=api", "purl": "pkg:maven/org.apache.santuario/xmlsec@1.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46y3-rx34-pyc6" }, { "vulnerability": "VCID-h8wa-77tk-m3av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/20454?format=api", "purl": "pkg:maven/org.apache.santuario/xmlsec@1.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46y3-rx34-pyc6" }, { "vulnerability": "VCID-64x5-tgkj-9qb9" }, { "vulnerability": "VCID-h8wa-77tk-m3av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.5.3" } ], "aliases": [ "CVE-2013-5823", "GHSA-8gwc-x7mg-7p7p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6q4h-4h6p-nufq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6667?format=api", "vulnerability_id": "VCID-z7ht-bq8z-3qgd", "summary": "XML signature HMAC truncation authentication bypass\nThis package uses a parameter that defines an HMAC truncation length (`HMACOutputLength`) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0217.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01986", "scoring_system": "epss", "scoring_elements": "0.83541", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01986", "scoring_system": "epss", "scoring_elements": "0.83581", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01986", "scoring_system": "epss", "scoring_elements": "0.83557", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01986", "scoring_system": "epss", "scoring_elements": "0.83556", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01986", "scoring_system": "epss", "scoring_elements": "0.83529", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01986", "scoring_system": "epss", "scoring_elements": "0.83605", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01986", "scoring_system": "epss", "scoring_elements": "0.8359", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0222", "scoring_system": "epss", "scoring_elements": "0.84514", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0222", "scoring_system": "epss", "scoring_elements": "0.84512", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0222", "scoring_system": "epss", "scoring_elements": "0.84491", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0222", "scoring_system": "epss", "scoring_elements": "0.84495", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0217" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=511915", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511915" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217" }, { "reference_url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041" }, { "reference_url": "https://gitlab.gnome.org/Archive/xmlsec/-/commit/34b349675af9f72eb822837a8772cc1ead7115c7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/Archive/xmlsec/-/commit/34b349675af9f72eb822837a8772cc1ead7115c7" }, { "reference_url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526" }, { "reference_url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527" }, { "reference_url": "https://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html" }, { "reference_url": "https://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html" }, { "reference_url": "https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html" }, { "reference_url": "https://marc.info/?l=bugtraq&m=125787273209737&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://marc.info/?l=bugtraq&m=125787273209737&w=2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0217", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0217" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2009-1428.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1428.html" }, { "reference_url": "https://svn.apache.org/viewvc?revision=794013&view=revision", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://svn.apache.org/viewvc?revision=794013&view=revision" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=794013", "reference_id": "", "reference_type": "", "scores": [], "url": "http://svn.apache.org/viewvc?view=revision&revision=794013" }, { "reference_url": "https://www.debian.org/security/2010/dsa-1995", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2010/dsa-1995" }, { "reference_url": "https://www.gentoo.org/security/en/glsa/glsa-201408-19.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" }, { "reference_url": "https://www.kb.cert.org/vuls/id/466161", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.kb.cert.org/vuls/id/466161" }, { "reference_url": "https://www.kb.cert.org/vuls/id/MAPG-7TSKXQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.kb.cert.org/vuls/id/MAPG-7TSKXQ" }, { "reference_url": "https://www.kb.cert.org/vuls/id/WDON-7TY529", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.kb.cert.org/vuls/id/WDON-7TY529" }, { "reference_url": "https://www.mandriva.com/security/advisories?name=MDVSA-2009:209", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mandriva.com/security/advisories?name=MDVSA-2009:209" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html" }, { "reference_url": "https://www.redhat.com/support/errata/RHSA-2009-1694.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/support/errata/RHSA-2009-1694.html" }, { "reference_url": "https://www.ubuntu.com/usn/USN-903-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.ubuntu.com/usn/USN-903-1" }, { "reference_url": "https://www.us-cert.gov/cas/techalerts/TA09-294A.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.us-cert.gov/cas/techalerts/TA09-294A.html" }, { "reference_url": "https://www.w3.org/2008/06/xmldsigcore-errata.html#e03", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.w3.org/2008/06/xmldsigcore-errata.html#e03" }, { "reference_url": "https://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" }, { "reference_url": "https://bugzilla.redhat.com/CVE-2009-0217", "reference_id": "CVE-2009-0217", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/CVE-2009-0217" }, { "reference_url": "https://github.com/advisories/GHSA-8hfm-837h-hjg5", "reference_id": "GHSA-8hfm-837h-hjg5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8hfm-837h-hjg5" }, { "reference_url": "https://security.gentoo.org/glsa/201206-13", "reference_id": "GLSA-201206-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-13" }, { "reference_url": "https://security.gentoo.org/glsa/201408-19", "reference_id": "GLSA-201408-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1200", "reference_id": "RHSA-2009:1200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1201", "reference_id": "RHSA-2009:1201", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1428", "reference_id": "RHSA-2009:1428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1636", "reference_id": "RHSA-2009:1636", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1636" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1637", "reference_id": "RHSA-2009:1637", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1637" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1649", "reference_id": "RHSA-2009:1649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1650", "reference_id": "RHSA-2009:1650", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1650" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0043", "reference_id": "RHSA-2010:0043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0043" }, { "reference_url": "https://usn.ubuntu.com/814-1/", "reference_id": "USN-814-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/814-1/" }, { "reference_url": "https://usn.ubuntu.com/826-1/", "reference_id": "USN-826-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/826-1/" }, { "reference_url": "https://usn.ubuntu.com/903-1/", "reference_id": "USN-903-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/903-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19955?format=api", "purl": "pkg:maven/org.apache.santuario/xmlsec@1.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46y3-rx34-pyc6" }, { "vulnerability": "VCID-64x5-tgkj-9qb9" }, { "vulnerability": "VCID-6q4h-4h6p-nufq" }, { "vulnerability": "VCID-h8wa-77tk-m3av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.4.3" } ], "aliases": [ "CVE-2009-0217", "GHSA-8hfm-837h-hjg5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z7ht-bq8z-3qgd" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.4.0" }