Vulnerability in Node-saml Xml-crypto
CVE-2024-32962
xml-crypto is an XML digital signature and encryption library for Node.js. In affected versions, the default configuration does not check the authorization of the signer; it only checks the validity of the signature per section 3.2.2 of the w3…
EPSS: 0.008 (53.0th percentile).
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N.
Affected products
- Node-saml Xml-crypto — versions >= 4.0.0, < 6.0.0
Frequently asked questions
- What is CVE-2024-32962?
- CVE-2024-32962 is a critical-severity vulnerability in Node-saml Xml-crypto, classified under Improper Verification of Cryptographic Signature. CVSS score: 10.0/10. Published 2024-05-02.
- How severe is CVE-2024-32962?
- Critical severity. CVSS v3 base score is 10.0 out of 10.
- Is CVE-2024-32962 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.