DSA-5010-1 libxml-security-java -- libxml-security-javaID: oval:org.secpod.oval:def:605686 | Date: (C)2021-11-17 (M)2023-11-13 |
Class: PATCH | Family: unix |
Apache Santuario - XML Security for Java is vulnerable to an issue where the secureValidation property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
Platform: |
Debian 10.x |
Debian 11.x |
Product: |
libxml-security-java |