CVE-2019-12400

Published: Aug 23, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.

Vendor: Apache

Product: Apache Santuario - XML Security for Java

Versions:

affected: All 2.0.x releases from 2.0.3
affected: all 2.1.x releases before 2.1.4

References

RHSA-2020:0806 (vendor-advisory, x_refsource_REDHAT)
RHSA-2020:0811 (vendor-advisory, x_refsource_REDHAT)
RHSA-2020:0804 (vendor-advisory, x_refsource_REDHAT)
RHSA-2020:0805 (vendor-advisory, x_refsource_REDHAT)
