VYPR

npm package

xml-crypto

pkg:npm/xml-crypto

Vulnerabilities (3)

  • CVE-2025-29775CriMar 14, 2025
    affected >= 4.0.0, < 6.0.1fixed 6.0.1

    xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed

  • CVE-2025-29774CriMar 14, 2025
    affected >= 4.0.0, < 6.0.1fixed 6.0.1

    xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed

  • CVE-2024-32962CriMay 2, 2024
    affected >= 4.0.0, < 6.0.0fixed 6.0.0

    xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, with