VYPR

Go modules package

github.com/moov-io/signedxml

pkg:golang/github.com/moov-io/signedxml

Vulnerabilities (1)

  • CVE-2023-34205May 30, 2023
    affected < 1.1.0fixed 1.1.0

    In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack (aka XSW).