Search for packages
| purl | pkg:maven/org.apache.santuario/xmlsec@1.5-alpha0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-54af-zg2e-aaan
Aliases: CVE-2013-2172 GHSA-r237-w2w6-jq3p |
Cryptographic Issues Attackers could spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak canonicalization algorithm to apply to the `SignedInfo` part of the Signature. |
Affected by 3 other vulnerabilities. |
|
VCID-u4aj-7vz4-aaab
Aliases: CVE-2013-5823 GHSA-8gwc-x7mg-7p7p |
UnsyncByteArrayOutputStream Denial of Service This package allows remote attackers to affect availability via unknown vectors related to Security. |
Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-09-17T22:37:40.449499+00:00 | GitLab Importer | Affected by | VCID-54af-zg2e-aaan | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2013-2172.yml | 34.0.1 |
| 2024-09-17T22:37:40.256655+00:00 | GitLab Importer | Affected by | VCID-u4aj-7vz4-aaab | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2013-5823.yml | 34.0.1 |
| 2024-01-03T18:00:33.830428+00:00 | GitLab Importer | Affected by | VCID-54af-zg2e-aaan | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2013-2172.yml | 34.0.0rc1 |
| 2024-01-03T18:00:33.650294+00:00 | GitLab Importer | Affected by | VCID-u4aj-7vz4-aaab | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2013-5823.yml | 34.0.0rc1 |