USN-6274-1: XMLTooling vulnerability
3 August 2023
XMLTooling could be made to allow for unintended server side actions if it received specially crafted input.
- xmltooling - C++ XML parsing library with encryption support
Jurien de Jong discovered that XMLTooling did not properly handle certain
KeyInfo element content within an XML signature. An attacker could possibly
use this issue to achieve server-side request forgery.