Apache Software Foundation Santuario XML Security for Java 2.2.1

CPE Details

Apache Software Foundation Santuario XML Security for Java 2.2.1
apache
santuario_xml_security_for_java
2.2.1
2023-04-28
15h41 +00:00
2023-04-28
15h42 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:santuario_xml_security_for_java:2.2.1:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

santuario_xml_security_for_java

Version

2.2.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-44483 2023-10-20 09h23 +00:00 All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
6.5
Medium
CVE-2021-40690 2021-09-18 22h00 +00:00 All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
7.5
High