rpm package
opensuse/xml-security&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/xml-security&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-40690 | — | | | < 2.1.7-1.1 | 2.1.7-1.1 | Sep 19, 2021 | All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform |
| CVE-2019-12400 | — | | | < 2.1.7-1.1 | 2.1.7-1.1 | Aug 23, 2019 | In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader |