Search for packages
| purl | pkg:maven/org.apache.santuario/xmlsec@1.4.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-54af-zg2e-aaan
Aliases: CVE-2013-2172 GHSA-r237-w2w6-jq3p |
Cryptographic Issues Attackers could spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak canonicalization algorithm to apply to the `SignedInfo` part of the Signature. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-8mkv-tade-aaam
Aliases: CVE-2023-44483 GHSA-xfrj-6vvc-3xm2 |
Apache Santuario - XML Security for Java are vulnerable to private key disclosure |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-95nw-fscc-aaaa
Aliases: CVE-2021-40690 GHSA-j8wc-gxx9-82hx |
Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-f3nz-xu8d-aaar
Aliases: CVE-2013-4517 GHSA-4p4w-6h54-g885 |
Uncontrolled Resource Consumption When applying Transforms, remote attackers could cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures. |
Affected by 2 other vulnerabilities. |
|
VCID-u4aj-7vz4-aaab
Aliases: CVE-2013-5823 GHSA-8gwc-x7mg-7p7p |
UnsyncByteArrayOutputStream Denial of Service This package allows remote attackers to affect availability via unknown vectors related to Security. |
Affected by 3 other vulnerabilities. Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-s9fq-hc6s-aaad | XML signature HMAC truncation authentication bypass This package uses a parameter that defines an HMAC truncation length (`HMACOutputLength`) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. |
CVE-2009-0217
GHSA-8hfm-837h-hjg5 |