moov-io/signedxml

Releases10

Frequency3 months 4 weeks

Last Release 3 months ago

Stars66

pure go library for processing signed XML documents

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-34205 ↗	May 30, 2023Tuesday, 30 May 2023, 04:15	9.1 CRITICAL	—
In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack (aka XSW).