{ "threat_severity" : "Moderate", "public_date" : "2021-09-17T00:00:00Z", "bugzilla" : { "description" : "xml-security: XPath Transform abuse allows for information disclosure", "id" : "2011190", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2011190" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-200", "details" : [ "All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the \"secureValidation\" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element." ], "statement" : "Since OpenShift Container Platform (OCP) 4.7, the logging-elasticsearch6-container is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.", "affected_release" : [ { "product_name" : "EAP 7.3.10 GA", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5154", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3", "package" : "xmlsec" }, { "product_name" : "Red Hat EAP-XP 2 via EAP 7.3.x base", "release_date" : "2022-01-17T00:00:00Z", "advisory" : "RHSA-2022:0146", "cpe" : "cpe:/a:redhat:jbosseapxp", "package" : "xmlsec" }, { "product_name" : "Red Hat Fuse 7.11", "release_date" : "2022-07-07T00:00:00Z", "advisory" : "RHSA-2022:5532", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "package" : "xmlsec" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "release_date" : "2021-11-15T00:00:00Z", "advisory" : "RHSA-2021:4679", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "package" : "xmlsec" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2025-04-28T00:00:00Z", "advisory" : "RHSA-2025:4226", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2025-04-28T00:00:00Z", "advisory" : "RHSA-2025:4226", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2025-04-28T00:00:00Z", "advisory" : "RHSA-2025:4226", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2025-04-28T00:00:00Z", "advisory" : "RHSA-2025:4226", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2025-04-28T00:00:00Z", "advisory" : "RHSA-2025:4226", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2025-04-28T00:00:00Z", "advisory" : "RHSA-2025:4226", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2025-04-28T00:00:00Z", "advisory" : "RHSA-2025:4226", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2025-04-28T00:00:00Z", "advisory" : "RHSA-2025:4226", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat Single Sign-On 7.4.10", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5170", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7", "package" : "xmlsec" }, { "product_name" : "Red Hat Single Sign-On 7.5 for RHEL 7", "release_date" : "2022-01-17T00:00:00Z", "advisory" : "RHSA-2022:0151", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.5::el7", "package" : "rh-sso7-keycloak-0:15.0.4-1.redhat_00001.1.el7sso" }, { "product_name" : "Red Hat Single Sign-On 7.5 for RHEL 8", "release_date" : "2022-01-17T00:00:00Z", "advisory" : "RHSA-2022:0152", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.5::el8", "package" : "rh-sso7-keycloak-0:15.0.4-1.redhat_00001.1.el8sso" }, { "product_name" : "RHAF Camel-K 1.8", "release_date" : "2022-09-09T00:00:00Z", "advisory" : "RHSA-2022:6407", "cpe" : "cpe:/a:redhat:integration:1", "package" : "camel-quarkus-xmlsecurity" }, { "product_name" : "RHEL-8 based Middleware Containers", "release_date" : "2022-01-18T00:00:00Z", "advisory" : "RHSA-2022:0164", "cpe" : "cpe:/a:redhat:rhosemc:1.0::el8", "package" : "rh-sso-7/sso75-openshift-rhel8:7.5-15" }, { "product_name" : "RHINT Camel-Q 2.2.1", "release_date" : "2022-03-22T00:00:00Z", "advisory" : "RHSA-2022:1013", "cpe" : "cpe:/a:redhat:camel_quarkus:2.2.1" }, { "product_name" : "RHINT Service Registry 2.0.3 GA", "release_date" : "2022-02-09T00:00:00Z", "advisory" : "RHSA-2022:0501", "cpe" : "cpe:/a:redhat:service_registry:2.0.3", "package" : "xmlsec" }, { "product_name" : "RHSSO 7.5.1", "release_date" : "2022-01-17T00:00:00Z", "advisory" : "RHSA-2022:0155", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" } ], "package_state" : [ { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/elasticsearch6-rhel8", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Red Hat Ansible Automation Platform 1.2", "fix_state" : "Not affected", "package_name" : "xmlsec", "cpe" : "cpe:/a:redhat:ansible_automation_platform" }, { "product_name" : "Red Hat Ansible Tower 3", "fix_state" : "Not affected", "package_name" : "xmlsec", "cpe" : "cpe:/a:redhat:ansible_tower:3" }, { "product_name" : "Red Hat Integration Camel Quarkus 1", "fix_state" : "Affected", "package_name" : "camel-quarkus-xmlsecurity", "cpe" : "cpe:/a:redhat:camel_quarkus:2" }, { "product_name" : "Red Hat Integration Service Registry", "fix_state" : "Affected", "package_name" : "xmlsec", "cpe" : "cpe:/a:redhat:integration:1" }, { "product_name" : "Red Hat JBoss Data Virtualization 6", "fix_state" : "Out of support scope", "package_name" : "xmlsec", "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Out of support scope", "package_name" : "xmlsec", "cpe" : "cpe:/a:redhat:jboss_fuse:6" }, { "product_name" : "Red Hat JBoss Fuse Service Works 6", "fix_state" : "Out of support scope", "package_name" : "xmlsec", "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6" }, { "product_name" : "Red Hat JBoss Operations Network 3", "fix_state" : "Out of support scope", "package_name" : "xmlsec", "cpe" : "cpe:/a:redhat:jboss_operations_network:3" }, { "product_name" : "Red Hat JBoss SOA Platform 5", "fix_state" : "Out of support scope", "package_name" : "xml-security", "cpe" : "cpe:/a:redhat:jboss_enterprise_soa_platform:5" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Out of support scope", "package_name" : "openshift3/ose-logging-elasticsearch5", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Out of support scope", "package_name" : "openshift4/ose-logging-elasticsearch6", "cpe" : "cpe:/a:redhat:openshift:4" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-40690\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-40690\nhttps://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E" ], "name" : "CVE-2021-40690", "csaw" : false }