5 matches found
CVE-2023-34205
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
CVE-2023-34205
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
CVE-2023-34205
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
CVE-2023-34205
CVE-2023-34205 affects moov-io/signedxml up to version 1.0.0, where parsing raw vs canonicalized XML can produce different outputs, enabling a Signature Wrapping (XSW) bypass of signature validation. The issue is documented across multiple feeds (NVD, Red Hat, GHSA, OSV) with a high CVSS (CRITICA...
CVE-2023-34205
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...