Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAB8XdGAMZrPaNOxowgAaotbePiiC4EOTYw7Ri3DNqAVZQb0y8g@mail.gmail.com>
Date: Fri, 17 Sep 2021 11:07:19 +0100
From: Colm O hEigeartaigh <coheigea@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2021-40690: Apache Santuario: Bypass of the secureValidation property

Description:

All versions of Apache Santuario - XML Security for Java prior to
2.2.3 and 2.1.7 are vulnerable to an issue where the
"secureValidation" property is not passed correctly when creating a
KeyInfo from a KeyInfoReference element. This allows an attacker to
abuse an XPath Transform to extract any local .xml files in a
RetrievalMethod element.

Credit:

An Trinh, Calif.

References:

https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.