Packagist (Composer) package
simplesamlphp/xml-security
pkg:composer/simplesamlphp/xml-security
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-32600 | — | >= 2.0.0, < 2.3.1 | 2.3.1 | Mar 13, 2026 | xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authe | ||
| CVE-2023-49087 | — | >= 1.6.11, < 1.6.12 | 1.6.12 | Nov 30, 2023 | xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (th |
- CVE-2026-32600Mar 13, 2026affected >= 2.0.0, < 2.3.1fixed 2.3.1
xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authe
- CVE-2023-49087Nov 30, 2023affected >= 1.6.11, < 1.6.12fixed 1.6.12
xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (th