[MODLOGSAML-137] secureValidation vulnerability (CVE-2021-40690) - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: TBD
Resolution: Done
Affects Version/s: None
Fix Version/s: 2.4.4
Labels:
- security

Template:

Standard Bug Write-Up Format
Sprint:
CP: sprint 137
Story Points:
1
Development Team:
Core: Platform
RCA Group:
TBD

Description

pac4j ships with org.apache.santuario:xmlsec@2.1.6 that contains a secureValidation XML vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2021-40690

Until a fixed vertx-pac4j and pac4j version is available we need to manually upgrade xmlsec.

TestRail: Results

Attachments

Activity

People

Assignee:: Julian Ladisch

Reporter:: Julian Ladisch

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 13/Apr/22 11:01 AM

Updated:: 13/Apr/22 7:38 PM

Resolved:: 13/Apr/22 7:38 PM

TestRail: Runs

TestRail: Cases