Vulnerability	Vulnerable Version
C Improper Verification of Cryptographic Signature xml-crypto is a xml digital signature and encryption library for Node.js. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the manipulation of the `DigestValue` element within the XML structure. An attacker can alter the integrity of the XML document and bypass security checks by inserting or modifying comments within the `DigestValue` element. How to fix Improper Verification of Cryptographic Signature? Upgrade `xml-crypto` to version 2.1.6, 3.2.1, 6.0.1 or higher.	<2.1.6>=3.0.0 <3.2.1>=4.0.0 <6.0.1
C Improper Verification of Cryptographic Signature xml-crypto is a xml digital signature and encryption library for Node.js. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the `SignedInfo` references. An attacker can modify a valid signed XML message to bypass signature verification checks by altering critical identity or access control attributes, enabling privilege escalation or impersonation. How to fix Improper Verification of Cryptographic Signature? Upgrade `xml-crypto` to version 2.1.6, 3.2.1, 6.0.1 or higher.	<2.1.6>=3.0.0 <3.2.1>=4.0.0 <6.0.1
H Signature Validation Bypass xml-crypto is a xml digital signature and encryption library for Node.js. Affected versions of this package are vulnerable to Signature Validation Bypass. An attacker can inject an `HMAC-SHA1` signature that is valid using only knowledge of the RSA public key. This allows bypassing signature validation. How to fix Signature Validation Bypass? Upgrade `xml-crypto` to version 2.0.0 or higher.	<2.0.0

Go back to all versions of this package