Skip to main content

Signedxml

1 CVEs product

Monthly

CVE-2023-34205 Go CRITICAL PATCH Act Now

In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Authentication Bypass Signedxml
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Authentication Bypass Signedxml
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy