Search for packages
| purl | pkg:maven/org.opensaml/opensaml@2.6.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-jc1p-9m6x-rqby
Aliases: CVE-2014-3603 GHSA-rm7v-gqfg-p2wc |
Improper Validation of Certificate with Host Mismatch The (1) `HttpResource` and (2) `FileBackedHttpResource` implementations in OpenSAML do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or `subjectAltName` field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3et2-ew6n-tyhh | XML eXternal Entity (XXE) flaw in ParserPool and Decrypter The `BasicParserPool`, `StaticBasicParserPool`, XML Decrypter, and SAML Decrypter in this package set the expandEntityReferences property to `true`, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration. |
CVE-2013-6440
GHSA-v723-58jv-2qc4 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-31T00:56:38.795064+00:00 | GHSA Importer | Fixing | VCID-3et2-ew6n-tyhh | https://github.com/advisories/GHSA-v723-58jv-2qc4 | 38.6.0 |
| 2026-05-30T20:58:14.181753+00:00 | GitLab Importer | Fixing | VCID-3et2-ew6n-tyhh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.opensaml/opensaml/CVE-2013-6440.yml | 38.6.0 |
| 2026-05-30T20:54:57.743488+00:00 | GitLab Importer | Affected by | VCID-jc1p-9m6x-rqby | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.opensaml/opensaml/CVE-2014-3603.yml | 38.6.0 |