VulnerableCode Package Details - pkg:deb/debian/libxml-security-java@2.0.10-2%2Bdeb10u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-46y3-rx34-pyc6 Aliases: CVE-2021-40690 GHSA-j8wc-gxx9-82hx	Exposure of Sensitive Information to an Unauthorized Actor All versions of Apache Santuario - XML Security for Java is vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.	2.0.10-2+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-46y3-rx34-pyc6
Aliases:
CVE-2021-40690
GHSA-j8wc-gxx9-82hx

Exposure of Sensitive Information to an Unauthorized Actor All versions of Apache Santuario - XML Security for Java is vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.

2.0.10-2+deb11u1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-46y3-rx34-pyc6	Exposure of Sensitive Information to an Unauthorized Actor All versions of Apache Santuario - XML Security for Java is vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.	CVE-2021-40690 GHSA-j8wc-gxx9-82hx

Vulnerability

Summary

Aliases

VCID-46y3-rx34-pyc6

CVE-2021-40690
GHSA-j8wc-gxx9-82hx

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T23:54:57.998811+00:00	Debian Oval Importer	Affected by	VCID-46y3-rx34-pyc6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T14:55:23.886897+00:00	Debian Oval Importer	Fixing	VCID-46y3-rx34-pyc6	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-11T23:29:14.205094+00:00	Debian Oval Importer	Affected by	VCID-46y3-rx34-pyc6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T14:43:40.273617+00:00	Debian Oval Importer	Fixing	VCID-46y3-rx34-pyc6	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-08T23:02:10.136945+00:00	Debian Oval Importer	Affected by	VCID-46y3-rx34-pyc6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-07T23:16:33.871338+00:00	Debian Oval Importer	Fixing	VCID-46y3-rx34-pyc6	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0