Oval Definition:	oval:org.opensuse.security:def:202140690
Revision Date: 2022-06-30 Version: 1 Title: CVE-2021-40690 Description: All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2021-40690 SUSE CVE-2021-40690 Platform(s): openSUSE Tumbleweed Product(s): Definition Synopsis openSUSE Tumbleweed is installed AND Package Information xml-security-2.1.7-1.1 is installed OR xml-security-javadoc-2.1.7-1.1 is installed
BACK