CVE-2014-8152 – org.apache.santuario:xmlsec
Package
Manager: maven
Name: org.apache.santuario:xmlsec
Vulnerable Version: >=2.0.0 <2.0.3
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.02955 (percentile 0.85943)
Details
Improper Input Validation in Apache Santuario XML Security
Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.
Metadata
Created: 2022-05-13T01:05:55Z
Modified: 2024-04-12T21:48:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w7cq-j9p9-hm3m/GHSA-w7cq-j9p9-hm3m.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-w7cq-j9p9-hm3m
Finding: F184
Auto approve: 1