CVE-2024-34580

2024-06-2605:15:51

Debian Security Bug Tracker

security-tracker.debian.org

apache xml security

xmldsig

ssrf

keyinfo

unix

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification “correctly” and are not “at fault.”

OSVersionArchitecturePackageVersionFilename
Debian12allxml-security-c<= 2.0.4-2xml-security-c_2.0.4-2_all.deb
Debian11allxml-security-c<= 2.0.2-4xml-security-c_2.0.2-4_all.deb
Debian999allxml-security-c<= 2.0.4-2xml-security-c_2.0.4-2_all.deb
Debian13allxml-security-c<= 2.0.4-2xml-security-c_2.0.4-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	xml-security-c	<= 2.0.4-2	xml-security-c_2.0.4-2_all.deb
Debian	11	all	xml-security-c	<= 2.0.2-4	xml-security-c_2.0.2-4_all.deb
Debian	999	all	xml-security-c	<= 2.0.4-2	xml-security-c_2.0.4-2_all.deb
Debian	13	all	xml-security-c	<= 2.0.4-2	xml-security-c_2.0.4-2_all.deb