Go modules package
github.com/moov-io/signedxml
pkg:golang/github.com/moov-io/signedxml
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-34205 | — | < 1.1.0 | 1.1.0 | May 30, 2023 | In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack (aka XSW). |
- CVE-2023-34205May 30, 2023affected < 1.1.0fixed 1.1.0
In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack (aka XSW).