xml-crypto 0.8.4 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the xml-crypto package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
C Improper Verification of Cryptographic Signature xml-crypto is a xml digital signature and encryption library for Node.js. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the manipulation of the `DigestValue` element within the XML structure. An attacker can alter the integrity of the XML document and bypass security checks by inserting or modifying comments within the `DigestValue` element. How to fix Improper Verification of Cryptographic Signature? Upgrade `xml-crypto` to version 2.1.6, 3.2.1, 6.0.1 or higher.	<2.1.6>=3.0.0 <3.2.1>=4.0.0 <6.0.1
C Improper Verification of Cryptographic Signature xml-crypto is a xml digital signature and encryption library for Node.js. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the `SignedInfo` references. An attacker can modify a valid signed XML message to bypass signature verification checks by altering critical identity or access control attributes, enabling privilege escalation or impersonation. How to fix Improper Verification of Cryptographic Signature? Upgrade `xml-crypto` to version 2.1.6, 3.2.1, 6.0.1 or higher.	<2.1.6>=3.0.0 <3.2.1>=4.0.0 <6.0.1
H Signature Validation Bypass xml-crypto is a xml digital signature and encryption library for Node.js. Affected versions of this package are vulnerable to Signature Validation Bypass. An attacker can inject an `HMAC-SHA1` signature that is valid using only knowledge of the RSA public key. This allows bypassing signature validation. How to fix Signature Validation Bypass? Upgrade `xml-crypto` to version 2.0.0 or higher.	<2.0.0

Vulnerability

Vulnerable Version

Improper Verification of Cryptographic Signature

xml-crypto is a xml digital signature and encryption library for Node.js.

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the manipulation of the DigestValue element within the XML structure. An attacker can alter the integrity of the XML document and bypass security checks by inserting or modifying comments within the DigestValue element.

How to fix Improper Verification of Cryptographic Signature?

Upgrade xml-crypto to version 2.1.6, 3.2.1, 6.0.1 or higher.

<2.1.6>=3.0.0 <3.2.1>=4.0.0 <6.0.1

Improper Verification of Cryptographic Signature

xml-crypto is a xml digital signature and encryption library for Node.js.

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the SignedInfo references. An attacker can modify a valid signed XML message to bypass signature verification checks by altering critical identity or access control attributes, enabling privilege escalation or impersonation.

How to fix Improper Verification of Cryptographic Signature?

Upgrade xml-crypto to version 2.1.6, 3.2.1, 6.0.1 or higher.

<2.1.6>=3.0.0 <3.2.1>=4.0.0 <6.0.1

Signature Validation Bypass

xml-crypto is a xml digital signature and encryption library for Node.js.

Affected versions of this package are vulnerable to Signature Validation Bypass. An attacker can inject an HMAC-SHA1 signature that is valid using only knowledge of the RSA public key. This allows bypassing signature validation.

How to fix Signature Validation Bypass?

Upgrade xml-crypto to version 2.0.0 or higher.

<2.0.0

xml-crypto@0.8.4 vulnerabilities

Xml digital signature and encryption library for Node.js

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically