Back

CVE-2024-34580

June 26, 2024, 4:15 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Apache XML Security for C++

  • up to 2.0.4

Source

cve@mitre.org

Tags

cve@mitre.org
2024-06-26
CVE-2024-34580

CVE-2024-34580 details

Published : June 26, 2024, 5:15 a.m.
Last Modified : June 26, 2024, 4:15 p.m.

Description

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly" and are not "at fault."

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://cloud.google.com/blog/topics/threat-intelligence/apache-library-allows-server-side-request-forgery cve@mitre.org
https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2024-21893.md cve@mitre.org
https://santuario.apache.org/download.html cve@mitre.org
https://www.sonatype.com/blog/the-exploited-ivanti-connect-ssrf-vulnerability-stems-from-xmltooling-oss-library cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.