cvebase

Node-Saml Xml-Crypto vulnerabilities

3 known vulnerabilities affecting node-saml/xml-crypto.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3

Vulnerabilities

CVE-2025-29774 | P2 | CRITICAL | CVSS 9.3 | Affected versions: >= 4.0.0, < 6.0.1; >= 3.0.0, < 3.2.1; +1 more | 2025-03-14
CVE-2025-29774 [CRITICAL] CWE-347: xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid
Sources: GHSA, NVD, OSV
CVE-2025-29775 | P2 | CRITICAL | CVSS 9.3 | Affected versions: >= 4.0.0, < 6.0.1; >= 3.0.0, < 3.2.1; +1 more | 2025-03-14
CVE-2025-29775 [CRITICAL] CWE-347: xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid
Sources: GHSA, NVD, OSV
CVE-2024-32962 | P2 | CRITICAL | CVSS 10.0 | Affected versions: >= 4.0.0, < 6.0.0 | 2024-05-02
CVE-2024-32962 [CRITICAL] CWE-347: xml-crypto is an XML digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer; it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional validation steps, the default configuration allows a ma
Sources: GHSA, NVD, OSV