Vulnerability in Node-saml Xml-crypto

CVE-2024-32962

xml-crypto is an XML digital signature and encryption library for Node.js. In affected versions the default configuration does not check the authorization of the signer; it only checks the validity of the signature per section 3.2.2 of the w3…

EPSS: 0.008 (53.0th percentile).

CVSS v3 metrics

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-32962?
CVE-2024-32962 is a critical-severity vulnerability in Node-saml Xml-crypto, classified under Improper Verification of Cryptographic Signature. CVSS score: 10.0/10. Published 2024-05-02.
How severe is CVE-2024-32962?
Critical severity. CVSS v3 base score is 10.0 out of 10.
Is CVE-2024-32962 known to be exploited?
3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.