EUVD-2021-2083

Malware in sbrugna...

The vulnerability of the XML data security platform in Java applications arises from XML Apache Santuario. This issue is related to errors in transmitting the “secureValidation” property during the creation of a KeyInfo object from a KeyInfoReference element. This vulnerability allows attackers to gain access to any .xml files.

The vulnerability of the XML data security platform in Java applications is related to errors in transmitting the “secureValidation” property during the creation of a KeyInfo object from a KeyInfoReference element. Exploiting this vulnerability can allow an attacker, operating remotely, to gain...

Debian: Security Advisory (DSA-5010-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-40690

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

CVE-2021-40690 Bypass of the secureValidation property

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

Apache Santuario 信息泄露漏洞

Apache Santuario is the Apache Foundation's primary set of security standards for implementing XML and consists of two libraries: Apache XML Security for Java and Apache XML Security for C++. An information disclosure vulnerability exists in Apache Santuario XML Security for Java, which stems fro...