Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to configure XML Security for C++ securely. Even when avoiding this particular issue, any use of this library would need considerable additional code and a deep understanding of the standards and protocols involved to arrive at a secure implementation for any particular use case. We recommend against continued direct use of this library.
References
Configurations
No configuration.
History
08 Aug 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to configure XML Security for C++ securely. Even when avoiding this particular issue, any use of this library would need considerable additional code and a deep understanding of the standards and protocols involved to arrive at a secure implementation for any particular use case. We recommend against continued direct use of this library. | |
References |
|
03 Jul 2024, 02:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CWE | CWE-918 |
26 Jun 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
26 Jun 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-26 05:15
Updated : 2024-08-08 18:15
NVD link : CVE-2024-34580
Mitre link : CVE-2024-34580
CVE.ORG link : CVE-2024-34580
JSON object : View
Products Affected
No product.
CWE
CWE-918
Server-Side Request Forgery (SSRF)