CVE-2021-40690: Exposure of Sensitive Information to an Unauthorized Actor
(updated )
Apache Santuario - XML Security for Java is vulnerable to an issue where the secureValidation
property is not passed correctly when creating a KeyInfo
from a KeyInfoReference
element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod
element.
References
Detect and mitigate CVE-2021-40690 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →