5 matches found
CVE-2024-32962
creationtimestamp | type | source
---|---|---
2025-03-20 12:00:09+00:00 | published-proof-of-concept | Telegram/p7hLiccLONdwM2MX7hUwrX2iUDsZPVrkGyNQ09EnNeNIo2E...
Exploit for CVE-2024-32962
Poc-CVE-2024-32962-xml-crypto A simulation of an atta...
CVE-2024-32962
The CVE concerns the xml-crypto library (Node.js). Affected versions 4.0.0 through 6.0.0 use a default configuration that does not validate signer authorization, only the signature’s cryptographic validity against the xmldsig-core spec. This allows an attacker to re-sign an XML document and inser...
CVE-2024-32962 XML signature verification bypass due to improper verification of signature / signature spoofing
xml-crypto is an XML digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer; it only checks the validity of the signature per section 3.2.2 of the W3C xmldsig-core-20080610 spec. As such, without additional...
@boxyhq/saml-jackson (>=1.11.2 <=1.17.1), @boxyhq/saml20 (>=1.2.4 <=1.4.1) +7 more potentially affected by CVE-2024-32962 via xml-crypto (>=4.1.0 <=5.1.1)
xml-crypto NPM version =4.1.0, =1.11.2, =1.2.4, =4.0.0, =1.0.0, =0.0.1, =0.0.2 - saml-nofs =3.0.2 - verifactu-utils =1.1.0 Source cves: CVE-2024-32962 Source advisory: OSV:GHSA-2XP3-57P7-QF4V...