Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification “correctly” and are not “at fault.”
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | xml-security-c | <= 2.0.4-2 | xml-security-c_2.0.4-2_all.deb |
Debian | 11 | all | xml-security-c | <= 2.0.2-4 | xml-security-c_2.0.2-4_all.deb |
Debian | 999 | all | xml-security-c | <= 2.0.4-2 | xml-security-c_2.0.4-2_all.deb |
Debian | 13 | all | xml-security-c | <= 2.0.4-2 | xml-security-c_2.0.4-2_all.deb |