PT-2024-41023 · Oracle · Java Xml

Name of the Vulnerable Software and Affected Versions: Java XML affected versions not specified Description: The issue is related to a security exception in the Java XML library. A crash occurs in the DOM2TO.parse function, which is part of the com.sun.org.apache.xalan.internal.xsltc.trax package...

GHSA-M9HP-7R99-94H5 Critical security issues in XML encoding in github.com/dexidp/dex

Impact The following vulnerabilities have been disclosed, which impact users leveraging the SAML connector: Signature Validation Bypass CVE-2020-15216: https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7 encoding/xml instabilities: - Element namespace prefix...

CVE-2020-29511

The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...