← Back

Signedxml

signedxml

Vendor: Moov • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-34205
1Moov
1Signedxml
Jan 10, 2025
May 30, 2023
N/A· v4
9.1 CRITICAL· v3
N/A· v2
In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack (aka XSW).