CVE-2013-2172: Cryptographic Issues

August 20, 2013 (updated October 9, 2018)

Attackers could spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak canonicalization algorithm to apply to the SignedInfo part of the Signature.

References

santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc
bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2172

Detect and mitigate CVE-2013-2172 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →