Vulnerabilities > Apache > Santuario XML Security FOR Java > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-20 CVE-2023-44483 Unspecified vulnerability in Apache Santuario XML Security for Java
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
network
low complexity
apache
6.5
2019-08-23 CVE-2019-12400 Improper Input Validation vulnerability in multiple products
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders.
local
low complexity
apache redhat oracle CWE-20
5.5