Search for packages
| purl | pkg:deb/debian/libxml-security-java@2.0.10-2%2Bdeb11u1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3yxy-xdw4-wfgc
Aliases: CVE-2019-12400 GHSA-4q98-wr72-h35w |
Improper input validation in Apache Santuario XML Security for Java In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2w4b-at7v-jfew | All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. |
CVE-2021-40690
GHSA-j8wc-gxx9-82hx |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T19:12:52.597666+00:00 | Debian Oval Importer | Fixing | VCID-2w4b-at7v-jfew | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T13:18:39.723329+00:00 | Debian Importer | Affected by | VCID-3yxy-xdw4-wfgc | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |