Search for packages
| purl | pkg:maven/org.apache.santuario/xmlsec@1.4.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-54af-zg2e-aaan
Aliases: CVE-2013-2172 GHSA-r237-w2w6-jq3p |
Cryptographic Issues Attackers could spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak canonicalization algorithm to apply to the `SignedInfo` part of the Signature. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-s9fq-hc6s-aaad
Aliases: CVE-2009-0217 GHSA-8hfm-837h-hjg5 |
XML signature HMAC truncation authentication bypass This package uses a parameter that defines an HMAC truncation length (`HMACOutputLength`) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. |
Affected by 5 other vulnerabilities. |
|
VCID-u4aj-7vz4-aaab
Aliases: CVE-2013-5823 GHSA-8gwc-x7mg-7p7p |
UnsyncByteArrayOutputStream Denial of Service This package allows remote attackers to affect availability via unknown vectors related to Security. |
Affected by 3 other vulnerabilities. Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-01-17T02:29:16.886653+00:00 | GHSA Importer | Affected by | VCID-u4aj-7vz4-aaab | None | 35.1.0 |
| 2025-01-17T02:29:10.929445+00:00 | GHSA Importer | Affected by | VCID-54af-zg2e-aaan | None | 35.1.0 |
| 2025-01-17T02:28:34.832446+00:00 | GHSA Importer | Affected by | VCID-s9fq-hc6s-aaad | None | 35.1.0 |
| 2024-09-17T22:04:04.278433+00:00 | GHSA Importer | Affected by | VCID-s9fq-hc6s-aaad | https://github.com/advisories/GHSA-8hfm-837h-hjg5 | 34.0.1 |
| 2024-09-17T22:00:46.412920+00:00 | GHSA Importer | Affected by | VCID-u4aj-7vz4-aaab | https://github.com/advisories/GHSA-8gwc-x7mg-7p7p | 34.0.1 |
| 2024-09-17T22:00:45.311635+00:00 | GHSA Importer | Affected by | VCID-54af-zg2e-aaan | https://github.com/advisories/GHSA-r237-w2w6-jq3p | 34.0.1 |
| 2024-04-23T17:39:49.506384+00:00 | GHSA Importer | Affected by | VCID-u4aj-7vz4-aaab | https://github.com/advisories/GHSA-8gwc-x7mg-7p7p | 34.0.0rc4 |
| 2024-04-23T17:39:48.391453+00:00 | GHSA Importer | Affected by | VCID-54af-zg2e-aaan | https://github.com/advisories/GHSA-r237-w2w6-jq3p | 34.0.0rc4 |
| 2024-01-03T17:39:00.956715+00:00 | GHSA Importer | Affected by | VCID-54af-zg2e-aaan | https://github.com/advisories/GHSA-r237-w2w6-jq3p | 34.0.0rc1 |
| 2024-01-03T17:38:48.385693+00:00 | GHSA Importer | Affected by | VCID-s9fq-hc6s-aaad | https://github.com/advisories/GHSA-8hfm-837h-hjg5 | 34.0.0rc1 |
| 2024-01-03T17:38:48.303828+00:00 | GHSA Importer | Affected by | VCID-u4aj-7vz4-aaab | https://github.com/advisories/GHSA-8gwc-x7mg-7p7p | 34.0.0rc1 |