[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2013-2172":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":21,"downstream":22,"duplicates":41,"related":42,"reserved_at":9,"published_at":44,"modified_at":45,"state":46,"summary":47,"references_raw":56,"kevs":206,"epss":207,"epss_history":210,"metrics":463,"affected":468},"CVE-2013-2172","jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak \"canonicalization algorithm to apply to the SignedInfo part of the Signature.\"",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"CWE-310","Cryptographic Issues","Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.","category","Draft",[],[],[20],"GHSA-r237-w2w6-jq3p",[],[23,25,27,29,31,33,35,37,39],{"_key":24},"UBUNTU-CVE-2013-2172",{"_key":26},"DLA-85-1",{"_key":28},"DSA-3065-1",{"_key":30},"MGASA-2014-0002",{"_key":32},"DEBIAN-CVE-2013-2172",{"_key":34},"RHSA-2013:1207",{"_key":36},"RHSA-2013:1208",{"_key":38},"RHSA-2013:1217",{"_key":40},"RHSA-2013:1219",[],[43],{"_key":30},"2013-08-20T22:00:00.000Z","2024-08-06T15:27:41.140Z","Modified",{"cisa_kev":48,"cisa_ransomware":48,"cisa_vendor":9,"epss_severity":49,"epss_score":50,"severity":51,"severity_score":52,"severity_version":53,"severity_source":54,"severity_vector":55,"severity_status":46},false,"low",0.03643,"medium",4.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:N/I:P/A:N",[57,66,72,77,81,85,89,95,100,104,108,114,118,122,126,130,134,139,143,147,153,158,163,168,172,177,181,185,190,194,198,202],{"url":58,"sources":59,"tags":62},"http://rhn.redhat.com/errata/RHSA-2013-1219.html",[60,54,61],"cve.org","osv_maven",[63,64,65],"Vendor Advisory","X Refsource REDHAT","WEB",{"url":67,"sources":68,"tags":69},"http://secunia.com/advisories/54019",[60,54],[70,71,63],"Third Party Advisory","X Refsource SECUNIA",{"url":73,"sources":74,"tags":75},"http://www.vmware.com/security/advisories/VMSA-2014-0012.html",[60,54,61],[76,65],"X Refsource CONFIRM",{"url":78,"sources":79,"tags":80},"http://rhn.redhat.com/errata/RHSA-2013-1218.html",[60,54,61],[63,64,65],{"url":82,"sources":83,"tags":84},"http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc",[60,54,61],[76,63,65],{"url":86,"sources":87,"tags":88},"http://rhn.redhat.com/errata/RHSA-2013-1209.html",[60,54,61],[63,64,65],{"url":90,"sources":91,"tags":92},"http://www.securityfocus.com/archive/1/534161/100/0/threaded",[60,54],[93,94],"Mailing List","X Refsource BUGTRAQ",{"url":96,"sources":97,"tags":98},"http://www.ubuntu.com/usn/USN-2028-1",[60,54,61],[63,99,65],"X Refsource UBUNTU",{"url":101,"sources":102,"tags":103},"http://rhn.redhat.com/errata/RHSA-2013-1217.html",[60,54,61],[63,64,65],{"url":105,"sources":106,"tags":107},"http://rhn.redhat.com/errata/RHSA-2013-1437.html",[60,54,61],[63,64,65],{"url":109,"sources":110,"tags":111},"http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h",[60,54,61],[112,113,65],"X Refsource MISC","Patch",{"url":115,"sources":116,"tags":117},"http://rhn.redhat.com/errata/RHSA-2013-1207.html",[60,54,61],[63,64,65],{"url":119,"sources":120,"tags":121},"http://rhn.redhat.com/errata/RHSA-2013-1375.html",[60,54,61],[63,64,65],{"url":123,"sources":124,"tags":125},"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",[60,54,61],[76,65],{"url":127,"sources":128,"tags":129},"http://rhn.redhat.com/errata/RHSA-2014-0212.html",[60,54,61],[63,64,65],{"url":131,"sources":132,"tags":133},"http://rhn.redhat.com/errata/RHSA-2013-1853.html",[60,54,61],[63,64,65],{"url":135,"sources":136,"tags":137},"http://seclists.org/fulldisclosure/2014/Dec/23",[60,54,61],[93,138,65],"X Refsource FULLDISC",{"url":140,"sources":141,"tags":142},"http://rhn.redhat.com/errata/RHSA-2013-1208.html",[60,54,61],[63,64,65],{"url":144,"sources":145,"tags":146},"http://rhn.redhat.com/errata/RHSA-2013-1220.html",[60,54,61],[63,64,65],{"url":148,"sources":149,"tags":150},"http://www.securityfocus.com/bid/60846",[60,54],[151,152],"VDB Entry","X Refsource BID",{"url":154,"sources":155,"tags":156},"http://www.osvdb.org/94651",[60,54],[151,157],"X Refsource OSVDB",{"url":159,"sources":160,"tags":161},"http://www.debian.org/security/2014/dsa-3065",[60,54,61],[63,162,65],"X Refsource DEBIAN",{"url":164,"sources":165,"tags":166},"https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E",[60,54,61],[93,167,65],"X Refsource MLIST",{"url":169,"sources":170,"tags":171},"https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E",[60,54,61],[93,167,65],{"url":173,"sources":174,"tags":175},"https://nvd.nist.gov/vuln/detail/CVE-2013-2172",[61],[176],"Advisory",{"url":178,"sources":179,"tags":180},"https://github.com/apache/santuario-java/commit/25e0e11493b061749f778030036cb5c406b34590",[61],[65],{"url":182,"sources":183,"tags":184},"https://github.com/apache/santuario-java/commit/8e8f8bf92a43608d7d5f9e357fae19244454a61f",[61],[65],{"url":186,"sources":187,"tags":188},"https://github.com/apache/santuario-java",[61],[189],"PACKAGE",{"url":191,"sources":192,"tags":193},"https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E",[61],[65],{"url":195,"sources":196,"tags":197},"https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E",[61],[65],{"url":199,"sources":200,"tags":201},"https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded",[61],[65],{"url":203,"sources":204,"tags":205},"https://web.archive.org/web/20200228060314/http://www.securityfocus.com/bid/60846",[61],[65],[],{"date":208,"score":50,"percentile":209},"2026-06-04",0.8806,[211,215,217,220,223,226,229,232,234,237,240,243,246,249,251,254,257,260,263,266,268,271,274,277,280,283,286,288,291,294,296,299,302,305,307,309,312,315,318,321,324,327,329,331,334,337,340,342,345,348,351,354,357,360,363,366,369,372,375,378,381,384,387,390,393,396,399,402,405,407,409,411,414,417,420,423,426,429,431,434,437,440,443,446,448,451,454,456,458,460],{"date":212,"score":213,"percentile":214},"2025-11-04",0.05394,0.89663,{"date":216,"score":213,"percentile":214},"2025-11-05",{"date":218,"score":213,"percentile":219},"2025-11-06",0.89659,{"date":221,"score":213,"percentile":222},"2025-11-07",0.89665,{"date":224,"score":213,"percentile":225},"2025-11-08",0.89668,{"date":227,"score":213,"percentile":228},"2025-11-09",0.89666,{"date":230,"score":213,"percentile":231},"2025-11-10",0.89664,{"date":233,"score":213,"percentile":214},"2025-11-11",{"date":235,"score":213,"percentile":236},"2025-11-12",0.89671,{"date":238,"score":213,"percentile":239},"2025-11-13",0.89673,{"date":241,"score":213,"percentile":242},"2025-11-14",0.89676,{"date":244,"score":213,"percentile":245},"2025-11-15",0.89674,{"date":247,"score":213,"percentile":248},"2025-11-16",0.89677,{"date":250,"score":213,"percentile":245},"2025-11-17",{"date":252,"score":213,"percentile":253},"2025-11-18",0.89135,{"date":255,"score":213,"percentile":256},"2025-11-19",0.89139,{"date":258,"score":213,"percentile":259},"2025-11-20",0.89141,{"date":261,"score":213,"percentile":262},"2025-11-21",0.89684,{"date":264,"score":213,"percentile":265},"2025-11-22",0.89686,{"date":267,"score":213,"percentile":262},"2025-11-23",{"date":269,"score":213,"percentile":270},"2025-11-24",0.89688,{"date":272,"score":213,"percentile":273},"2025-11-25",0.89693,{"date":275,"score":213,"percentile":276},"2025-11-26",0.89694,{"date":278,"score":213,"percentile":279},"2025-11-27",0.89695,{"date":281,"score":213,"percentile":282},"2025-11-28",0.89687,{"date":284,"score":213,"percentile":285},"2025-11-29",0.89749,{"date":287,"score":213,"percentile":285},"2025-11-30",{"date":289,"score":213,"percentile":290},"2025-12-01",0.89807,{"date":292,"score":213,"percentile":293},"2025-12-02",0.8981,{"date":295,"score":213,"percentile":293},"2025-12-03",{"date":297,"score":213,"percentile":298},"2025-12-04",0.89751,{"date":300,"score":213,"percentile":301},"2025-12-05",0.89753,{"date":303,"score":213,"percentile":304},"2025-12-06",0.89752,{"date":306,"score":213,"percentile":285},"2025-12-07",{"date":308,"score":213,"percentile":285},"2025-12-08",{"date":310,"score":213,"percentile":311},"2025-12-09",0.89754,{"date":313,"score":213,"percentile":314},"2025-12-10",0.89765,{"date":316,"score":213,"percentile":317},"2025-12-11",0.89768,{"date":319,"score":213,"percentile":320},"2025-12-12",0.89774,{"date":322,"score":213,"percentile":323},"2025-12-13",0.89778,{"date":325,"score":213,"percentile":326},"2025-12-14",0.89779,{"date":328,"score":213,"percentile":326},"2025-12-15",{"date":330,"score":213,"percentile":320},"2025-12-16",{"date":332,"score":213,"percentile":333},"2025-12-17",0.8978,{"date":335,"score":213,"percentile":336},"2025-12-18",0.89787,{"date":338,"score":213,"percentile":339},"2025-12-19",0.89789,{"date":341,"score":213,"percentile":336},"2025-12-20",{"date":343,"score":213,"percentile":344},"2025-12-21",0.89795,{"date":346,"score":213,"percentile":347},"2025-12-22",0.89796,{"date":349,"score":213,"percentile":350},"2025-12-23",0.898,{"date":352,"score":213,"percentile":353},"2025-12-24",0.89805,{"date":355,"score":213,"percentile":356},"2025-12-25",0.89818,{"date":358,"score":213,"percentile":359},"2025-12-26",0.89816,{"date":361,"score":213,"percentile":362},"2025-12-27",0.89863,{"date":364,"score":213,"percentile":365},"2025-12-28",0.89811,{"date":367,"score":213,"percentile":368},"2025-12-29",0.89808,{"date":370,"score":213,"percentile":371},"2025-12-30",0.89815,{"date":373,"score":213,"percentile":374},"2025-12-31",0.89822,{"date":376,"score":213,"percentile":377},"2026-01-01",0.8989,{"date":379,"score":213,"percentile":380},"2026-01-02",0.89885,{"date":382,"score":213,"percentile":383},"2026-01-03",0.89884,{"date":385,"score":213,"percentile":386},"2026-01-04",0.8982,{"date":388,"score":213,"percentile":389},"2026-01-05",0.89817,{"date":391,"score":213,"percentile":392},"2026-01-06",0.89819,{"date":394,"score":213,"percentile":395},"2026-01-07",0.89823,{"date":397,"score":213,"percentile":398},"2026-01-08",0.89826,{"date":400,"score":213,"percentile":401},"2026-01-09",0.89828,{"date":403,"score":213,"percentile":404},"2026-01-10",0.89829,{"date":406,"score":213,"percentile":386},"2026-01-11",{"date":408,"score":213,"percentile":392},"2026-01-12",{"date":410,"score":213,"percentile":389},"2026-01-13",{"date":412,"score":213,"percentile":413},"2026-01-14",0.89832,{"date":415,"score":213,"percentile":416},"2026-01-15",0.89836,{"date":418,"score":213,"percentile":419},"2026-01-16",0.89839,{"date":421,"score":213,"percentile":422},"2026-01-17",0.89838,{"date":424,"score":213,"percentile":425},"2026-01-18",0.89835,{"date":427,"score":213,"percentile":428},"2026-01-19",0.89834,{"date":430,"score":213,"percentile":425},"2026-01-20",{"date":432,"score":213,"percentile":433},"2026-01-21",0.89837,{"date":435,"score":213,"percentile":436},"2026-01-22",0.8984,{"date":438,"score":213,"percentile":439},"2026-01-23",0.89849,{"date":441,"score":213,"percentile":442},"2026-01-24",0.89855,{"date":444,"score":213,"percentile":445},"2026-01-25",0.89854,{"date":447,"score":213,"percentile":445},"2026-01-26",{"date":449,"score":213,"percentile":450},"2026-01-27",0.89858,{"date":452,"score":213,"percentile":453},"2026-01-28",0.89865,{"date":455,"score":213,"percentile":453},"2026-01-29",{"date":457,"score":213,"percentile":362},"2026-01-30",{"date":459,"score":213,"percentile":362},"2026-01-31",{"date":461,"score":213,"percentile":462},"2026-02-01",0.89928,[464],{"source":54,"cvss_v2_0":465,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":52,"baseSeverity":9,"vectorString":55,"impactScore":466,"exploitabilityScore":467},2.9,8.6,[469,488],{"ecosystem":9,"name":470,"vendor":471,"product":472,"cpe_part":473,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":474},"santuario xml security for java","apache","santuario_xml_security_for_java","a",[475,478,480,482,484,486],{"version":476,"is_range":48,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.4.7","cpe",{"version":479,"is_range":48,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.5.0",{"version":481,"is_range":48,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.5.1",{"version":483,"is_range":48,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.5.2",{"version":485,"is_range":48,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.5.3",{"version":487,"is_range":48,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.5.4",{"ecosystem":489,"name":490,"vendor":491,"product":492,"cpe_part":9,"purl_type":493,"purl_namespace":491,"purl_name":492,"source":9,"versions":494},"Maven","org.apache.santuario:xmlsec","org.apache.santuario","xmlsec","maven",[495,503],{"version":496,"is_range":497,"range_type":498,"version_start":499,"version_start_type":500,"version_end":501,"version_end_type":502,"fixed_in":9},"gte1_4_0_lt1_4_8",true,"ecosystem","1.4.0","including","1.4.8","excluding",{"version":504,"is_range":497,"range_type":498,"version_start":479,"version_start_type":500,"version_end":505,"version_end_type":502,"fixed_in":9},"gte1_5_0_lt1_5_5","1.5.5"]