6 matches found
alertwise (=1.0.0), aos-signer (>=0.0.6 <=1.8.0b9) +15 more potentially affected by CVE-2025-48995 via signxml (>=2.10.1 <=4.0.2)
signxml PYPI version =2.10.1, =0.0.6, =0.5.1, =1.0.0, =0.5.1, =1.1.0, =0.1.0, =1.4.0, =2.0.0, =1.0.0, =0.5.3, =0.5.27, =1.5.3, =1.6.3 and more Source cves: CVE-2025-48995 Source advisory: OSV:GHSA-GMHF-GG8W-JW42...
alertwise (=1.0.0) potentially affected by CVE-2025-48995 via signxml (=4.0.2)
signxml PYPI version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on signxml and may be impacted: - alertwise =1.0.0 Source cves: CVE-2025-48995 Source advisory: SNYK:PYTHON-SIGNXML-10303872...
CVE-2025-48995
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48995
creationtimestamp| type| source ---|---|--- 2025-06-02 17:04:06+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqnawo6y44y2...
CVE-2025-48995
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48995
CVE-2025-48995 affects SignXML (Python implementation of W3C XML Signature) prior to 4.0.4. When verify() is called with require_x509=False and an HMAC secret (hmac_key=...), the timing-based vulnerability may leak information about the correct HMAC during the comparison, enabling reconstruction ...