CVE-2019-12400 vulnerability in Apache and Other Products
Published on August 23, 2019
In version 2.0.3 of Apache Santuario - XML Security for Java, a caching mechanism was introduced to speed up the creation of new XML documents using a static pool of DocumentBuilders. However, if untrusted code can register a malicious implementation with the thread context class loader first, that implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.
Affected Versions
Apache Santuario - XML Security for Java:
- All 2.0.x releases from 2.0.3 are affected.
- All 2.1.x releases before 2.1.4 are affected.
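An added example (not part of the original advisory or of the Apache Santuario project): a Python check that flags jar files whose version falls inside the affected ranges listed above. It assumes the library is deployed as xmlsec-<version>.jar, and the sample paths are constructed.

```python
import re

# Assumption: the library is deployed as xmlsec-<major>.<minor>.<patch>[qualifier].jar
JAR_RE = re.compile(r"(?:^|/)xmlsec-(\d+)\.(\d+)\.(\d+)([^/]*)\.jar$")


def is_affected(major, minor, patch):
    """Affected ranges as stated on this page for CVE-2019-12400."""
    if (major, minor) == (2, 0):
        return patch >= 3          # all 2.0.x releases from 2.0.3
    if (major, minor) == (2, 1):
        return patch < 4           # all 2.1.x releases before 2.1.4
    return False


def scan(paths):
    """Return (path, version) for every xmlsec jar in an affected range.

    Versions are compared numerically, so 2.0.10 sorts after 2.0.3.
    A qualifier (such as a vendor rebuild suffix) is reported but not
    interpreted.
    """
    findings = []
    for path in paths:
        m = JAR_RE.search(path.replace("\\", "/"))
        if not m:
            continue
        major, minor, patch = (int(g) for g in m.group(1, 2, 3))
        if is_affected(major, minor, patch):
            findings.append((path, f"{major}.{minor}.{patch}{m.group(4)}"))
    return findings


# Constructed sample inventory, e.g. the result of listing jars in a deployment.
SAMPLE = [
    "app/WEB-INF/lib/xmlsec-2.0.2.jar",
    "app/WEB-INF/lib/xmlsec-2.0.3.jar",
    "svc/lib/xmlsec-2.0.10.jar",
    "svc/lib/xmlsec-2.1.0.jar",
    "gateway/lib/xmlsec-2.1.3.jar",
    "gateway/lib/xmlsec-2.1.4.jar",
    "legacy/lib/xmlsec-1.5.8.jar",
    "legacy/lib/commons-io-2.6.jar",
]

if __name__ == "__main__":
    for path, version in scan(SAMPLE):
        print(f"AFFECTED  xmlsec {version}  {path}")
```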
Exploit Probability
EPSS: 0.59%
Percentile: 68.74%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.