VulnerableCode Package Details - pkg:deb/debian/libxml-security-java@2.0.10-2%2Bdeb10u1

Search for packages

Package details: pkg:deb/debian/libxml-security-java@2.0.10-2%2Bdeb10u1

Essentials
History (2)

purl	pkg:deb/debian/libxml-security-java@2.0.10-2%2Bdeb10u1

Next non-vulnerable version	2.1.7-3
Latest non-vulnerable version	2.1.7-3
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-2w4b-at7v-jfew Aliases: CVE-2021-40690 GHSA-j8wc-gxx9-82hx	All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.	2.0.10-2+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-2w4b-at7v-jfew	All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.	CVE-2021-40690 GHSA-j8wc-gxx9-82hx

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T19:12:52.592953+00:00	Debian Oval Importer	Affected by	VCID-2w4b-at7v-jfew	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T11:26:28.048863+00:00	Debian Oval Importer	Fixing	VCID-2w4b-at7v-jfew	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0