Closed mend-bolt-for-github[bot] closed 3 years ago
:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #159
CVE-2013-2172 - Medium Severity Vulnerability
Vulnerable Library - xmlsec-1.4.2.jar
Path to vulnerable library: First_real_scan/target/libs/provided/xmlsec-1.4.2.jar
Dependency Hierarchy:
- :x: **xmlsec-1.4.2.jar** (Vulnerable Library)
Found in HEAD commit: 517ce877d9ca28b78d99878eae6078eb4dbd1e1b
Found in base branch: main
Vulnerability Details
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
Publish Date: 2013-08-20
URL: CVE-2013-2172
CVSS 2 Score Details (4.3)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2172
Release Date: 2013-08-20
Fix Resolution: org.apache.santuario:xmlsec:1.4.8,1.5.5;org.glassfish.metro:webservices-rt:2.4.0