Search for packages
| purl | pkg:deb/debian/libxml-security-java@1.4.5-1%2Bdeb7u1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-46y3-rx34-pyc6
Aliases: CVE-2021-40690 GHSA-j8wc-gxx9-82hx |
Exposure of Sensitive Information to an Unauthorized Actor All versions of Apache Santuario - XML Security for Java is vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-64x5-tgkj-9qb9
Aliases: CVE-2013-2172 GHSA-r237-w2w6-jq3p |
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature." |
Affected by 1 other vulnerability. |
|
VCID-h8wa-77tk-m3av
Aliases: CVE-2013-4517 GHSA-4p4w-6h54-g885 |
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-64x5-tgkj-9qb9 | jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature." |
CVE-2013-2172
GHSA-r237-w2w6-jq3p |