CVE: 2013-4517 found in Apache XML Security for Java - Version: 1.5.1 [JAVA]

[github-actions[bot]]

Veracode Software Composition Analysis

Attribute	Details
Library	Apache XML Security for Java
Description	Apache XML Security for Java supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of ver
Language	JAVA
Vulnerability	Denial Of Service (DoS) Memory Consumption
Vulnerability description	Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
CVE	2013-4517
CVSS score	4.3
Vulnerability present in version/s	1.0-1.5.5
Found library version/s	1.5.1
Vulnerability fixed in version	1.5.6
Library latest version	3.0.1
Fix

Links:

• https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/117?version=1.5.1
• https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/808
• Patch: https://github.com/apache/santuario-java/compare/10c73335ccd7fabe63ea58754bea1bc4b2dc4a93...402e581537543ffa6bea283c0e5e1baae880464f

[github-actions[bot]]

Veracode issue link to PR: https://github.com/5l1D3R/Github-actions/pull/2