Vulnerabilities > Apache > Santuario XML Security FOR Java > 2.1.0

DATE CVE VULNERABILITY TITLE RISK
2023-10-20 CVE-2023-44483 Information Exposure Through Log Files vulnerability in Apache Santuario XML Security for Java
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
network
low complexity
apache CWE-532
6.5
6.5
2021-09-19 CVE-2021-40690 Information Exposure vulnerability in multiple products
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element.
network
low complexity
apache debian oracle CWE-200
7.5
7.5
2019-08-23 CVE-2019-12400 Improper Input Validation vulnerability in multiple products
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders.
local
low complexity
apache redhat oracle CWE-20
5.5
5.5