FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f7e9a1cc-0931-11ee-94b4-6cc21735f730	xmltooling -- remote resource access Shibboleth consortium reports: An updated version of the XMLTooling library that is part of the OpenSAML and Shibboleth Service Provider software is now available which corrects a server-side request forgery (SSRF) vulnerability. Including certain legal but "malicious in intent" content in the KeyInfo element defined by the XML Signature standard will result in attempts by the SP's shibd process to dereference untrusted URLs. While the content of the URL must be supplied within the message and does not include any SP internal state or dynamic content, there is at minimum a risk of denial of service, and the attack could be combined with others to create more serious vulnerabilities in the future. Discovery 2023-06-12 Entry 2023-06-12 xmltooling < 3.2.4 https://shibboleth.net/community/advisories/secadv_20230612.txt

VuXML ID

Description

f7e9a1cc-0931-11ee-94b4-6cc21735f730

xmltooling -- remote resource access

Shibboleth consortium reports:

An updated version of the XMLTooling library that is part of the OpenSAML and Shibboleth Service Provider software is now available which corrects a server-side request forgery (SSRF) vulnerability.

Including certain legal but "malicious in intent" content in the KeyInfo element defined by the XML Signature standard will result in attempts by the SP's shibd process to dereference untrusted URLs.

While the content of the URL must be supplied within the message and does not include any SP internal state or dynamic content, there is at minimum a risk of denial of service, and the attack could be combined with others to create more serious vulnerabilities in the future.

Discovery 2023-06-12
Entry 2023-06-12
xmltooling

< 3.2.4

https://shibboleth.net/community/advisories/secadv_20230612.txt