Количество 6
Количество 6
CVE-2021-40690
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
CVE-2021-40690
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
CVE-2021-40690
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
CVE-2021-40690
All versions of Apache Santuario - XML Security for Java prior to 2.2. ...
GHSA-j8wc-gxx9-82hx
Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario
BDU:2023-07907
Уязвимость платформы для обеспечения безопасности XML-данных в приложениях на языке Java XML Apache Santuario XML Security for Java, связанная с ошибками при передачи свойства "secureValidation" при создании объекта KeyInfo из элемента KeyInfoReference, позволяющая нарушителю получить доступ к произвольным файлам с расширением .xml
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-40690 All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. | CVSS3: 7.5 | 0% Низкий | больше 4 лет назад |
 | CVE-2021-40690 All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. | CVSS3: 7.5 | 0% Низкий | больше 4 лет назад |
 | CVE-2021-40690 All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. | CVSS3: 7.5 | 0% Низкий | больше 4 лет назад |
| CVE-2021-40690 All versions of Apache Santuario - XML Security for Java prior to 2.2. ... | CVSS3: 7.5 | 0% Низкий | больше 4 лет назад |
| GHSA-j8wc-gxx9-82hx Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario | CVSS3: 7.5 | 0% Низкий | больше 4 лет назад |
 | BDU:2023-07907 Уязвимость платформы для обеспечения безопасности XML-данных в приложениях на языке Java XML Apache Santuario XML Security for Java, связанная с ошибками при передачи свойства "secureValidation" при создании объекта KeyInfo из элемента KeyInfoReference, позволяющая нарушителю получить доступ к произвольным файлам с расширением .xml | CVSS3: 7.5 | 0% Низкий | больше 4 лет назад |
Уязвимостей на страницу