Vulnerabilities

CVE-2021-40690

by Fred · 19/09/2021

All versions of Apache Santuario – XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.

Date published : 2021-09-19

https://www.debian.org/security/2021/dsa-5010

https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E

Similar

Tags: Cybersecurity Alert