CVE-2026-32600
- EPSS 0.01%
- Veröffentlicht 13.03.2026 19:58:41
- Zuletzt bearbeitet 17.03.2026 19:25:09
xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can us...
CVE-2024-34580
- EPSS 0.02%
- Veröffentlicht 26.06.2024 05:15:51
- Zuletzt bearbeitet 21.11.2024 09:18:58
Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any v...
CVE-2023-49087
- EPSS 0.21%
- Veröffentlicht 30.11.2023 06:15:47
- Zuletzt bearbeitet 21.11.2024 08:32:47
xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signat...