Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/libxml-security-java@2.1.7-3
purl pkg:deb/debian/libxml-security-java@2.1.7-3
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-degg-m3tz-9ubj Improper input validation in Apache Santuario XML Security for Java In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4. CVE-2019-12400
GHSA-4q98-wr72-h35w

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:01:53.237919+00:00 Debian Importer Fixing VCID-degg-m3tz-9ubj https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:57:24.916279+00:00 Debian Importer Fixing VCID-degg-m3tz-9ubj https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-08T19:57:38.587472+00:00 Debian Importer Fixing VCID-degg-m3tz-9ubj https://security-tracker.debian.org/tracker/data/json 38.1.0