{"url":"http://public2.vulnerablecode.io/api/packages/19955?format=json","purl":"pkg:maven/org.apache.santuario/xmlsec@1.4.3","type":"maven","namespace":"org.apache.santuario","name":"xmlsec","version":"1.4.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.1.7","latest_non_vulnerable_version":"3.0.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11249?format=json","vulnerability_id":"VCID-46y3-rx34-pyc6","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nAll versions of Apache Santuario - XML Security for Java is vulnerable to an issue where the \"secureValidation\" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40690.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40690.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40690","reference_id":"","reference_type":"","scores":[{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51215","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51243","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51296","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51318","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51173","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51306","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51262","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51265","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.5121","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51251","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51225","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.5131","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51271","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51284","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40690"},{"reference_url":"https://issues.apache.org/jira/browse/CXF-8613","reference_id":"","reference_type":"","scores":[],"url":"https://issues.apache.org/jira/browse/CXF-8613"},{"reference_url":"https://lists.apache.org/thread.html/r3b3f5ba9b0de8c9c125077b71af06026d344a709a8ba67db81ee9faa@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3b3f5ba9b0de8c9c125077b71af06026d344a709a8ba67db81ee9faa@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r401ecb7274794f040cd757b259ebe3e8c463ae74f7961209ccad3c59@%3Cissues.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r401ecb7274794f040cd757b259ebe3e8c463ae74f7961209ccad3c59@%3Cissues.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8a5c0ce9014bd07303aec1e5eed55951704878016465d3dae00e0c28@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8a5c0ce9014bd07303aec1e5eed55951704878016465d3dae00e0c28@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9c100d53c84d54cf71975e3f0cfcc2856a8846554a04c99390156ce4@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9c100d53c84d54cf71975e3f0cfcc2856a8846554a04c99390156ce4@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raf352f95c19c0c4051af3180752cb69acbea88d0d066ab176c6170e8@%3Cuser.poi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raf352f95c19c0c4051af3180752cb69acbea88d0d066ab176c6170e8@%3Cuser.poi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbbbac0759b12472abd0c278d32b5e0867bb21934df8e14e5e641597c@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbbbac0759b12472abd0c278d32b5e0867bb21934df8e14e5e641597c@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbdac116aef912b563da54f4c152222c0754e32fb2f785519ac5e059f@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbdac116aef912b563da54f4c152222c0754e32fb2f785519ac5e059f@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re294cfc61f509512874ea514d8d64fd276253d54ac378ffa7a4880c8@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re294cfc61f509512874ea514d8d64fd276253d54ac378ffa7a4880c8@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00015.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230818-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230818-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230818-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20230818-0002/"},{"reference_url":"https://www.debian.org/security/2021/dsa-5010","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-5010"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011190","reference_id":"2011190","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011190"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994569","reference_id":"994569","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994569"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40690","reference_id":"CVE-2021-40690","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40690"},{"reference_url":"https://github.com/advisories/GHSA-j8wc-gxx9-82hx","reference_id":"GHSA-j8wc-gxx9-82hx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j8wc-gxx9-82hx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4679","reference_id":"RHSA-2021:4679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5149","reference_id":"RHSA-2021:5149","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5149"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5150","reference_id":"RHSA-2021:5150","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5150"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5151","reference_id":"RHSA-2021:5151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5154","reference_id":"RHSA-2021:5154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5170","reference_id":"RHSA-2021:5170","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5170"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0146","reference_id":"RHSA-2022:0146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0146"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0151","reference_id":"RHSA-2022:0151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0152","reference_id":"RHSA-2022:0152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0155","reference_id":"RHSA-2022:0155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0164","reference_id":"RHSA-2022:0164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0501","reference_id":"RHSA-2022:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1013","reference_id":"RHSA-2022:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6407","reference_id":"RHSA-2022:6407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6407"},{"reference_url":"https://usn.ubuntu.com/5525-1/","reference_id":"USN-5525-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5525-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39467?format=json","purl":"pkg:maven/org.apache.santuario/xmlsec@2.1.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@2.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/39469?format=json","purl":"pkg:maven/org.apache.santuario/xmlsec@2.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@2.2.3"}],"aliases":["CVE-2021-40690","GHSA-j8wc-gxx9-82hx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-46y3-rx34-pyc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4933?format=json","vulnerability_id":"VCID-64x5-tgkj-9qb9","summary":"jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak \"canonicalization algorithm to apply to the SignedInfo part of the Signature.\"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1207.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1207.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1208.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1208.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1209.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1209.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1217.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1217.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1218.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1218.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1219.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1219.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1220.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1220.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1375.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1375.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1437.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1437.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1853.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1853.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0212.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0212.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2172.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2172.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2172","reference_id":"","reference_type":"","scores":[{"value":"0.05394","scoring_system":"epss","scoring_elements":"0.90081","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05394","scoring_system":"epss","scoring_elements":"0.90152","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05394","scoring_system":"epss","scoring_elements":"0.90153","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05394","scoring_system":"epss","scoring_elements":"0.90137","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05394","scoring_system":"epss","scoring_elements":"0.90141","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05394","scoring_system":"epss","scoring_elements":"0.90123","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05394","scoring_system":"epss","scoring_elements":"0.90129","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05394","scoring_system":"epss","scoring_elements":"0.9013","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05394","scoring_system":"epss","scoring_elements":"0.90121","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05394","scoring_system":"epss","scoring_elements":"0.90115","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05394","scoring_system":"epss","scoring_elements":"0.901","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05394","scoring_system":"epss","scoring_elements":"0.90095","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05394","scoring_system":"epss","scoring_elements":"0.90084","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06494","scoring_system":"epss","scoring_elements":"0.91132","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2172"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2172","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2172"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"https://github.com/apache/santuario-java","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/santuario-java"},{"reference_url":"https://github.com/apache/santuario-java/commit/25e0e11493b061749f778030036cb5c406b34590","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/santuario-java/commit/25e0e11493b061749f778030036cb5c406b34590"},{"reference_url":"https://github.com/apache/santuario-java/commit/8e8f8bf92a43608d7d5f9e357fae19244454a61f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/santuario-java/commit/8e8f8bf92a43608d7d5f9e357fae19244454a61f"},{"reference_url":"https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2172","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2172"},{"reference_url":"http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h"},{"reference_url":"https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20200228060314/http://www.securityfocus.com/bid/60846","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228060314/http://www.securityfocus.com/bid/60846"},{"reference_url":"http://www.debian.org/security/2014/dsa-3065","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-3065"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-2028-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2028-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720375","reference_id":"720375","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720375"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=999263","reference_id":"999263","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=999263"},{"reference_url":"http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc","reference_id":"CVE-2013-2172.TXT.ASC","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc"},{"reference_url":"https://github.com/advisories/GHSA-r237-w2w6-jq3p","reference_id":"GHSA-r237-w2w6-jq3p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r237-w2w6-jq3p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1207","reference_id":"RHSA-2013:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1208","reference_id":"RHSA-2013:1208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1209","reference_id":"RHSA-2013:1209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1217","reference_id":"RHSA-2013:1217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1218","reference_id":"RHSA-2013:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1218"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1219","reference_id":"RHSA-2013:1219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1220","reference_id":"RHSA-2013:1220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1375","reference_id":"RHSA-2013:1375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1437","reference_id":"RHSA-2013:1437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1853","reference_id":"RHSA-2013:1853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0212","reference_id":"RHSA-2014:0212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0400","reference_id":"RHSA-2014:0400","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1369","reference_id":"RHSA-2014:1369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1369"},{"reference_url":"https://usn.ubuntu.com/2028-1/","reference_id":"USN-2028-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2028-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20400?format=json","purl":"pkg:maven/org.apache.santuario/xmlsec@1.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46y3-rx34-pyc6"},{"vulnerability":"VCID-h8wa-77tk-m3av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.4.8"},{"url":"http://public2.vulnerablecode.io/api/packages/20401?format=json","purl":"pkg:maven/org.apache.santuario/xmlsec@1.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46y3-rx34-pyc6"},{"vulnerability":"VCID-h8wa-77tk-m3av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.5.5"}],"aliases":["CVE-2013-2172","GHSA-r237-w2w6-jq3p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64x5-tgkj-9qb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4981?format=json","vulnerability_id":"VCID-6q4h-4h6p-nufq","summary":"Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security.","references":[{"reference_url":"http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/a7758faab30d","reference_id":"","reference_type":"","scores":[],"url":"http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/a7758faab30d"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0414","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:0414"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5823.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5823.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5823","reference_id":"","reference_type":"","scores":[{"value":"0.04936","scoring_system":"epss","scoring_elements":"0.89656","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04936","scoring_system":"epss","scoring_elements":"0.89652","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04936","scoring_system":"epss","scoring_elements":"0.89622","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04936","scoring_system":"epss","scoring_elements":"0.89605","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04936","scoring_system":"epss","scoring_elements":"0.89627","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04936","scoring_system":"epss","scoring_elements":"0.89636","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04936","scoring_system":"epss","scoring_elements":"0.89642","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04936","scoring_system":"epss","scoring_elements":"0.89641","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04936","scoring_system":"epss","scoring_elements":"0.89626","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04936","scoring_system":"epss","scoring_elements":"0.89633","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04936","scoring_system":"epss","scoring_elements":"0.89588","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04936","scoring_system":"epss","scoring_elements":"0.89591","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04936","scoring_system":"epss","scoring_elements":"0.89634","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04936","scoring_system":"epss","scoring_elements":"0.89604","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05761","scoring_system":"epss","scoring_elements":"0.9049","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5823"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5823","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5823"},{"reference_url":"https://github.com/apache/santuario-java/commit/55a48497dfbf3fe63a81e67c13160b3f41ebb1f3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/santuario-java/commit/55a48497dfbf3fe63a81e67c13160b3f41ebb1f3"},{"reference_url":"https://github.com/apache/santuario-java/commit/cea3c91106fb8be35e2f1bb3f1fe0cfddd0ec710","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/santuario-java/commit/cea3c91106fb8be35e2f1bb3f1fe0cfddd0ec710"},{"reference_url":"https://github.com/apache/santuario-java/commit/f9a61f2df9473237aa71308c28113540b4063d33","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/santuario-java/commit/f9a61f2df9473237aa71308c28113540b4063d33"},{"reference_url":"https://issues.apache.org/jira/browse/SANTUARIO-334","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/SANTUARIO-334"},{"reference_url":"https://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"},{"reference_url":"https://marc.info/?l=bugtraq&m=138674031212883&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=138674031212883&w=2"},{"reference_url":"https://marc.info/?l=bugtraq&m=138674073720143&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=138674073720143&w=2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5823","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5823"},{"reference_url":"https://security.gentoo.org/glsa/glsa-201406-32.xml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/glsa-201406-32.xml"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1367492","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=revision&revision=1367492"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1019145","reference_id":"1019145","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1019145"},{"reference_url":"https://bugzilla.redhat.com/CVE-2013-5823","reference_id":"CVE-2013-5823","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/CVE-2013-5823"},{"reference_url":"https://github.com/advisories/GHSA-8gwc-x7mg-7p7p","reference_id":"GHSA-8gwc-x7mg-7p7p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8gwc-x7mg-7p7p"},{"reference_url":"https://security.gentoo.org/glsa/201401-30","reference_id":"GLSA-201401-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-30"},{"reference_url":"https://security.gentoo.org/glsa/201406-32","reference_id":"GLSA-201406-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1440","reference_id":"RHSA-2013:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1447","reference_id":"RHSA-2013:1447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1451","reference_id":"RHSA-2013:1451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1505","reference_id":"RHSA-2013:1505","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1505"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1507","reference_id":"RHSA-2013:1507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1508","reference_id":"RHSA-2013:1508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1793","reference_id":"RHSA-2013:1793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1793"},{"reference_url":"https://usn.ubuntu.com/2033-1/","reference_id":"USN-2033-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2033-1/"},{"reference_url":"https://usn.ubuntu.com/2089-1/","reference_id":"USN-2089-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2089-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20400?format=json","purl":"pkg:maven/org.apache.santuario/xmlsec@1.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46y3-rx34-pyc6"},{"vulnerability":"VCID-h8wa-77tk-m3av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.4.8"},{"url":"http://public2.vulnerablecode.io/api/packages/20454?format=json","purl":"pkg:maven/org.apache.santuario/xmlsec@1.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46y3-rx34-pyc6"},{"vulnerability":"VCID-64x5-tgkj-9qb9"},{"vulnerability":"VCID-h8wa-77tk-m3av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.5.3"}],"aliases":["CVE-2013-5823","GHSA-8gwc-x7mg-7p7p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6q4h-4h6p-nufq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4628?format=json","vulnerability_id":"VCID-h8wa-77tk-m3av","summary":"Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.","references":[{"reference_url":"http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service-Attack.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service-Attack.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0170.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0170.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0171.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0171.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0172.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0172.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0195.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0195.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1725.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1725.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1726.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1726.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1727.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1727.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1728.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1728.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4517.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4517.json"},{"reference_url":"http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4517","reference_id":"","reference_type":"","scores":[{"value":"0.08392","scoring_system":"epss","scoring_elements":"0.92333","published_at":"2026-04-21T12:55:00Z"},{"value":"0.08392","scoring_system":"epss","scoring_elements":"0.92337","published_at":"2026-04-24T12:55:00Z"},{"value":"0.08392","scoring_system":"epss","scoring_elements":"0.92332","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08392","scoring_system":"epss","scoring_elements":"0.92338","published_at":"2026-04-26T12:55:00Z"},{"value":"0.14926","scoring_system":"epss","scoring_elements":"0.94521","published_at":"2026-04-02T12:55:00Z"},{"value":"0.14926","scoring_system":"epss","scoring_elements":"0.94529","published_at":"2026-04-04T12:55:00Z"},{"value":"0.14926","scoring_system":"epss","scoring_elements":"0.94531","published_at":"2026-04-07T12:55:00Z"},{"value":"0.14926","scoring_system":"epss","scoring_elements":"0.94541","published_at":"2026-04-08T12:55:00Z"},{"value":"0.14926","scoring_system":"epss","scoring_elements":"0.94545","published_at":"2026-04-09T12:55:00Z"},{"value":"0.14926","scoring_system":"epss","scoring_elements":"0.94548","published_at":"2026-04-11T12:55:00Z"},{"value":"0.14926","scoring_system":"epss","scoring_elements":"0.9455","published_at":"2026-04-13T12:55:00Z"},{"value":"0.14926","scoring_system":"epss","scoring_elements":"0.94563","published_at":"2026-04-16T12:55:00Z"},{"value":"0.14926","scoring_system":"epss","scoring_elements":"0.94567","published_at":"2026-04-18T12:55:00Z"},{"value":"0.14926","scoring_system":"epss","scoring_elements":"0.94514","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4517"},{"reference_url":"http://seclists.org/fulldisclosure/2013/Dec/169","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2013/Dec/169"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/89891","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/89891"},{"reference_url":"https://github.com/apache/santuario-java/commit/a09b9042f7759d094f2d49f40fc7bcf145164b25","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/santuario-java/commit/a09b9042f7759d094f2d49f40fc7bcf145164b25"},{"reference_url":"https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4517","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4517"},{"reference_url":"https://www.tenable.com/security/tns-2018-15","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.tenable.com/security/tns-2018-15"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1045257","reference_id":"1045257","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1045257"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733938","reference_id":"733938","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733938"},{"reference_url":"https://bugzilla.redhat.com/CVE-2013-4517","reference_id":"CVE-2013-4517","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/CVE-2013-4517"},{"reference_url":"https://cwiki.apache.org/confluence/download/attachments/27821224/cve-2013-4517.txt.asc","reference_id":"CVE-2013-4517.TXT.ASC","reference_type":"","scores":[],"url":"https://cwiki.apache.org/confluence/download/attachments/27821224/cve-2013-4517.txt.asc"},{"reference_url":"https://github.com/advisories/GHSA-4p4w-6h54-g885","reference_id":"GHSA-4p4w-6h54-g885","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4p4w-6h54-g885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0170","reference_id":"RHSA-2014:0170","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0170"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0171","reference_id":"RHSA-2014:0171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0172","reference_id":"RHSA-2014:0172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0195","reference_id":"RHSA-2014:0195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0400","reference_id":"RHSA-2014:0400","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0473","reference_id":"RHSA-2014:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0582","reference_id":"RHSA-2014:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1725","reference_id":"RHSA-2014:1725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1726","reference_id":"RHSA-2014:1726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1727","reference_id":"RHSA-2014:1727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1728","reference_id":"RHSA-2014:1728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0850","reference_id":"RHSA-2015:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0851","reference_id":"RHSA-2015:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0851"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20509?format=json","purl":"pkg:maven/org.apache.santuario/xmlsec@1.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46y3-rx34-pyc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.5.6"}],"aliases":["CVE-2013-4517","GHSA-4p4w-6h54-g885"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h8wa-77tk-m3av"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6667?format=json","vulnerability_id":"VCID-z7ht-bq8z-3qgd","summary":"XML signature HMAC truncation authentication bypass\nThis package uses a parameter that defines an HMAC truncation length (`HMACOutputLength`) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0217.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0217","reference_id":"","reference_type":"","scores":[{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83529","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83605","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.8359","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83581","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83557","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83556","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83541","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84495","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84553","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.8455","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84541","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84514","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84512","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84491","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0217"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=511915","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=511915"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217"},{"reference_url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041"},{"reference_url":"https://gitlab.gnome.org/Archive/xmlsec/-/commit/34b349675af9f72eb822837a8772cc1ead7115c7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/Archive/xmlsec/-/commit/34b349675af9f72eb822837a8772cc1ead7115c7"},{"reference_url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47526","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47526"},{"reference_url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47527","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47527"},{"reference_url":"https://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html"},{"reference_url":"https://marc.info/?l=bugtraq&m=125787273209737&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=125787273209737&w=2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0217","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0217"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2009-1428.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2009-1428.html"},{"reference_url":"https://svn.apache.org/viewvc?revision=794013&view=revision","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?revision=794013&view=revision"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=794013","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=revision&revision=794013"},{"reference_url":"https://www.debian.org/security/2010/dsa-1995","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2010/dsa-1995"},{"reference_url":"https://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"},{"reference_url":"https://www.kb.cert.org/vuls/id/466161","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/466161"},{"reference_url":"https://www.kb.cert.org/vuls/id/MAPG-7TSKXQ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/MAPG-7TSKXQ"},{"reference_url":"https://www.kb.cert.org/vuls/id/WDON-7TY529","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/WDON-7TY529"},{"reference_url":"https://www.mandriva.com/security/advisories?name=MDVSA-2009:209","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mandriva.com/security/advisories?name=MDVSA-2009:209"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html"},{"reference_url":"https://www.redhat.com/support/errata/RHSA-2009-1694.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/support/errata/RHSA-2009-1694.html"},{"reference_url":"https://www.ubuntu.com/usn/USN-903-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ubuntu.com/usn/USN-903-1"},{"reference_url":"https://www.us-cert.gov/cas/techalerts/TA09-294A.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.us-cert.gov/cas/techalerts/TA09-294A.html"},{"reference_url":"https://www.w3.org/2008/06/xmldsigcore-errata.html#e03","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.w3.org/2008/06/xmldsigcore-errata.html#e03"},{"reference_url":"https://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html"},{"reference_url":"http://www.us-cert.gov/cas/techalerts/TA10-159B.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.us-cert.gov/cas/techalerts/TA10-159B.html"},{"reference_url":"https://bugzilla.redhat.com/CVE-2009-0217","reference_id":"CVE-2009-0217","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/CVE-2009-0217"},{"reference_url":"https://github.com/advisories/GHSA-8hfm-837h-hjg5","reference_id":"GHSA-8hfm-837h-hjg5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8hfm-837h-hjg5"},{"reference_url":"https://security.gentoo.org/glsa/201206-13","reference_id":"GLSA-201206-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-13"},{"reference_url":"https://security.gentoo.org/glsa/201408-19","reference_id":"GLSA-201408-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1200","reference_id":"RHSA-2009:1200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1200"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1201","reference_id":"RHSA-2009:1201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1428","reference_id":"RHSA-2009:1428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1636","reference_id":"RHSA-2009:1636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1637","reference_id":"RHSA-2009:1637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1649","reference_id":"RHSA-2009:1649","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1649"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1650","reference_id":"RHSA-2009:1650","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1650"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0043","reference_id":"RHSA-2010:0043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0043"},{"reference_url":"https://usn.ubuntu.com/814-1/","reference_id":"USN-814-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/814-1/"},{"reference_url":"https://usn.ubuntu.com/826-1/","reference_id":"USN-826-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/826-1/"},{"reference_url":"https://usn.ubuntu.com/903-1/","reference_id":"USN-903-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/903-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19955?format=json","purl":"pkg:maven/org.apache.santuario/xmlsec@1.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46y3-rx34-pyc6"},{"vulnerability":"VCID-64x5-tgkj-9qb9"},{"vulnerability":"VCID-6q4h-4h6p-nufq"},{"vulnerability":"VCID-h8wa-77tk-m3av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.4.3"}],"aliases":["CVE-2009-0217","GHSA-8hfm-837h-hjg5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7ht-bq8z-3qgd"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.4.3"}