Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:55 a.m.6 views

CVE-2023-34205

In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...

9.1CVSS6.8AI score0.00389EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/05/30 12:0 a.m.9 views

CVE-2023-34205

In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...

6.8AI score0.00389EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/30 12:0 a.m.18 views

CVE-2023-34205

In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...

9.4AI score0.00389EPSS
Exploits0References1
CVE
CVE
added 2023/05/30 12:0 a.m.60 views

CVE-2023-34205

CVE-2023-34205 affects moov-io/signedxml up to version 1.0.0, where parsing raw vs canonicalized XML can produce different outputs, enabling a Signature Wrapping (XSW) bypass of signature validation. The issue is documented across multiple feeds (NVD, Red Hat, GHSA, OSV) with a high CVSS (CRITICA...

9.1CVSS9AI score0.00389EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/05/30 12:0 a.m.11 views

CVE-2023-34205

In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...

9.1CVSS7.1AI score0.00389EPSS
Exploits0References3
Rows per page
Query Builder