julz0815 / test-action

0 stars 1 forks source link

CVE: 2013-2172 found in Apache XML Security for Java - Version: 1.5.1 [JAVA] #1168

Open github-actions[bot] opened 1 month ago

github-actions[bot] commented 1 month ago

Veracode Software Composition Analysis

Attribute Details
Library Apache XML Security for Java
Description Apache XML Security for Java supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. Since ver
Language JAVA
Vulnerability Spoofable XML Signature
Vulnerability description jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak canonicalization algorithm to apply to the SignedInfo part of the Signature.
CVE 2013-2172
CVSS score 4.3
Vulnerability present in version/s 1.5.0-1.5.4
Found library version/s 1.5.1
Vulnerability fixed in version 1.5.5
Library latest version 4.0.2
Fix

Links: