
5 matches found

Circl
added 2025/03/20 12:0 p.m., 6 views

CVE-2024-32962

| creationtimestamp | type | source |
|---|---|---|
| 2025-03-20 12:00:09+00:00 | published-proof-of-concept | Telegram/p7hLiccLONdwM2MX7hUwrX2iUDsZPVrkGyNQ09EnNeNIo2E... |

10 CVSS, 8.7 AI score, 0.00833 EPSS
Exploits: 1
GithubExploit
added 2025/03/20 6:17 a.m., 332 views

Exploit for CVE-2024-32962

Poc-CVE-2024-32962-xml-crypto A simulation of an atta...

10 CVSS, 7 AI score, 0.00833 EPSS
Exploits: 1
CVE
added 2024/05/02 6:48 a.m., 106 views

CVE-2024-32962

The CVE concerns the xml-crypto library (Node.js). Affected versions 4.0.0 through 6.0.0 use a default configuration that does not validate signer authorization, only the signature’s cryptographic validity against the xmldsig-core spec. This allows an attacker to re-sign an XML document and inser...

10 CVSS, 9.3 AI score, 0.00833 EPSS
Exploits: 1, References: 7
OSV
added 2024/05/02 6:48 a.m., 28 views

CVE-2024-32962 XML signature verification bypass due to improper verification of signature / signature spoofing

xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional...

10 CVSS, 8.6 AI score, 0.00833 EPSS
Exploits: 1, References: 9
vulnersOsv
added 2024/05/01 5:5 p.m., 9 views

@boxyhq/saml-jackson (>=1.11.2 <=1.17.1), @boxyhq/saml20 (>=1.2.4 <=1.4.1) +7 more potentially affected by CVE-2024-32962 via xml-crypto (>=4.1.0 <=5.1.1)

xml-crypto NPM version =4.1.0, =1.11.2, =1.2.4, =4.0.0, =1.0.0, =0.0.1, =0.0.2 - saml-nofs =3.0.2 - verifactu-utils =1.1.0 Source cves: CVE-2024-32962 Source advisory: OSV:GHSA-2XP3-57P7-QF4V...

10 CVSS, 7.2 AI score, 0.00833 EPSS
Exploits: 1