Description

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to configure XML Security for C++ securely. Even when avoiding this particular issue, any use of this library would need considerable additional code and a deep understanding of the standards and protocols involved to arrive at a secure implementation for any particular use case. We recommend against continued direct use of this library.

INFO

Published Date :

2024-06-26T00:00:00.000Z

Last Modified :

2024-08-08T17:18:46.698Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-34580 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-34580.

URL Resource
https://cloud.google.com/blog/topics/threat-intelligence/apache-library-allows-server-side-request-forgery cve-icon cve-icon cve-icon
https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2024-21893.md cve-icon cve-icon cve-icon
https://lists.apache.org/thread/po2gocnw4gtf4boy5mmjb54g62qhbrl9 cve-icon cve-icon
https://santuario.apache.org/download.html cve-icon cve-icon cve-icon
https://shibboleth.atlassian.net/wiki/spaces/DEV/pages/3726671873/Santuario cve-icon cve-icon
https://www.sonatype.com/blog/the-exploited-ivanti-connect-ssrf-vulnerability-stems-from-xmltooling-oss-library cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact