CVE-2019-12400
CVSS v3.1
5.5 (Medium)
CVSS v2.0
1.9 (Low)
EPSS
0.20 % (57th)
Affected Products
3
Advisories
1
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.
Weaknesses
- CWE-20
- Improper Input Validation
- CVE Status
- PUBLISHED
- CNA
- Apache Software Foundation
- Published Date
-
2019-08-23 21:15:11
(5 years ago) - Updated Date
-
2023-11-07 03:03:33
(10 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...