VYPR
Moderate severityNVD Advisory· Published Oct 20, 2023· Updated Nov 3, 2025

Apache Santuario: Private Key disclosure in debug-log output

CVE-2023-44483

Description

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.santuario:xmlsecMaven
>= 2.3.0, < 2.3.42.3.4
org.apache.santuario:xmlsecMaven
< 2.2.62.2.6
org.apache.santuario:xmlsecMaven
>= 3.0.0, < 3.0.33.0.3

Affected products

30

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.