Apache XML Security for Java supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of ver
Language
JAVA
Vulnerability
Bypass Of Secure Validation
Vulnerability description
Apache Santuario is vulnerable to bypass of secure validation. Lack of secure handling of secureValidation property allows an attacker to abuse an XPath Transform and to extract any local .xml files in a RetrievalMethod element during the creation of a KeyInfo from a KeyInfoReference element.
Veracode Software Composition Analysis
secureValidation
property allows an attacker to abuse an XPath Transform and to extract any local .xml files in a RetrievalMethod element during the creation of a KeyInfo from a KeyInfoReference element.Links: