Apache Santuario Xml Security Java
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apache Santuario Xml Security Java.
By the Year
In 2024 there have been 0 vulnerabilities in Apache Santuario Xml Security Java . Last year Santuario Xml Security Java had 1 security vulnerability published. Right now, Santuario Xml Security Java is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 1 | 6.50 |
2022 | 0 | 0.00 |
2021 | 1 | 7.50 |
2020 | 0 | 0.00 |
2019 | 1 | 5.50 |
2018 | 0 | 0.00 |
It may take a day or so for new Santuario Xml Security Java vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Santuario Xml Security Java Security Vulnerabilities
All versions of Apache Santuario - XML Security for Java prior to 2.2.6
CVE-2023-44483
6.5 - Medium
- October 20, 2023
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
Insertion of Sensitive Information into Log File
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo
CVE-2021-40690
7.5 - High
- September 19, 2021
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
Information Disclosure
In version 2.0.3 Apache Santuario XML Security for Java
CVE-2019-12400
5.5 - Medium
- August 23, 2019
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.
Improper Input Validation
Apache Santuario XML Security for Java 2.0.x before 2.0.3
CVE-2014-8152
- January 21, 2015
Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.
7PK - Security Features
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms
CVE-2013-4517
- January 11, 2014
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
Resource Management Errors
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5
CVE-2013-2172
- August 20, 2013
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
Cryptographic Issues
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache Santuario Xml Security Java or by Apache? Click the Watch button to subscribe.