xml-crypto@0.0.22 vulnerabilities

Xml digital signature and encryption library for Node.js

latest version

6.0.0
latest non vulnerable version

6.0.0
first published

12 years ago
latest version published

9 months ago
licenses detected
- MIT
  >=0
View xml-crypto package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the xml-crypto package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Signature Validation Bypass xml-crypto is a xml digital signature and encryption library for Node.js. Affected versions of this package are vulnerable to Signature Validation Bypass. An attacker can inject an `HMAC-SHA1` signature that is valid using only knowledge of the RSA public key. This allows bypassing signature validation. How to fix Signature Validation Bypass? Upgrade `xml-crypto` to version 2.0.0 or higher.	<2.0.0

Signature Validation Bypass

xml-crypto is a xml digital signature and encryption library for Node.js.

Affected versions of this package are vulnerable to Signature Validation Bypass. An attacker can inject an HMAC-SHA1 signature that is valid using only knowledge of the RSA public key. This allows bypassing signature validation.

How to fix Signature Validation Bypass?

Upgrade xml-crypto to version 2.0.0 or higher.

<2.0.0

Go back to all versions of this package

xml-crypto@0.0.22 vulnerabilities

Xml digital signature and encryption library for Node.js

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities