Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/xml-crypto@4.0.0
Typenpm
Namespace
Namexml-crypto
Version4.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.0.0
Latest_non_vulnerable_version6.0.1
Affected_by_vulnerabilities
0
url VCID-9jj5-xy45-sue6
vulnerability_id VCID-9jj5-xy45-sue6
summary 
xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing
Default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of https://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-CoreValidation. As such, without additional validation steps, the default configuration allows a malicious actor to re-sign an XML document, place the certificate in a `<KeyInfo />` element, and pass `xml-crypto` default validation checks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32962.json
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32962.json
1
reference_url https://github.com/node-saml/xml-crypto
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto
2
reference_url https://github.com/node-saml/xml-crypto/commit/21201723d2ca9bc11288f62cf72552b7d659b000
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/commit/21201723d2ca9bc11288f62cf72552b7d659b000
3
reference_url https://github.com/node-saml/xml-crypto/commit/c2b83f984049edb68ad1d7c6ad0739ec92af11ca
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/commit/c2b83f984049edb68ad1d7c6ad0739ec92af11ca
4
reference_url https://github.com/node-saml/xml-crypto/discussions/399
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/discussions/399
5
reference_url https://github.com/node-saml/xml-crypto/pull/301
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/pull/301
6
reference_url https://github.com/node-saml/xml-crypto/pull/445
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/pull/445
7
reference_url https://security.netapp.com/advisory/ntap-20240705-0003
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240705-0003
8
reference_url https://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-CoreValidation
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-CoreValidation
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2278798
reference_id 2278798
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2278798
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32962
reference_id CVE-2024-32962
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32962
11
reference_url https://github.com/advisories/GHSA-2xp3-57p7-qf4v
reference_id GHSA-2xp3-57p7-qf4v
reference_type
scores
url https://github.com/advisories/GHSA-2xp3-57p7-qf4v
12
reference_url https://github.com/node-saml/xml-crypto/security/advisories/GHSA-2xp3-57p7-qf4v
reference_id GHSA-2xp3-57p7-qf4v
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/security/advisories/GHSA-2xp3-57p7-qf4v
fixed_packages
0
url pkg:npm/xml-crypto@6.0.0
purl pkg:npm/xml-crypto@6.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/xml-crypto@6.0.0
aliases CVE-2024-32962, GHSA-2xp3-57p7-qf4v
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9jj5-xy45-sue6
1
url VCID-am16-rjug-t3fa
vulnerability_id VCID-am16-rjug-t3fa
summary 
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
An attacker may be able to exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29774.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29774.json
1
reference_url https://github.com/node-saml/xml-crypto
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto
2
reference_url https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed
3
reference_url https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98
4
reference_url https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07
5
reference_url https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6
6
reference_url https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1
7
reference_url https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1
8
reference_url https://workos.com/blog/samlstorm
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://workos.com/blog/samlstorm
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2352596
reference_id 2352596
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2352596
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-29774
reference_id CVE-2025-29774
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-29774
11
reference_url https://github.com/advisories/GHSA-9p8x-f768-wp2g
reference_id GHSA-9p8x-f768-wp2g
reference_type
scores
url https://github.com/advisories/GHSA-9p8x-f768-wp2g
12
reference_url https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g
reference_id GHSA-9p8x-f768-wp2g
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g
13
reference_url https://access.redhat.com/errata/RHSA-2025:3374
reference_id RHSA-2025:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3374
14
reference_url https://access.redhat.com/errata/RHSA-2025:3595
reference_id RHSA-2025:3595
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3595
fixed_packages
0
url pkg:npm/xml-crypto@6.0.1
purl pkg:npm/xml-crypto@6.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/xml-crypto@6.0.1
aliases CVE-2025-29774, GHSA-9p8x-f768-wp2g
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am16-rjug-t3fa
2
url VCID-jt3b-tqv6-5ybb
vulnerability_id VCID-jt3b-tqv6-5ybb
summary 
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment
An attacker may be able to exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker to escalate privileges or impersonate another user.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29775.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29775.json
1
reference_url https://github.com/node-saml/xml-crypto
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto
2
reference_url https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed
3
reference_url https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98
4
reference_url https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07
5
reference_url https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6
6
reference_url https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1
7
reference_url https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1
8
reference_url https://workos.com/blog/samlstorm
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://workos.com/blog/samlstorm
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2352600
reference_id 2352600
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2352600
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-29775
reference_id CVE-2025-29775
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-29775
11
reference_url https://github.com/advisories/GHSA-x3m8-899r-f7c3
reference_id GHSA-x3m8-899r-f7c3
reference_type
scores
url https://github.com/advisories/GHSA-x3m8-899r-f7c3
12
reference_url https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3
reference_id GHSA-x3m8-899r-f7c3
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3
13
reference_url https://access.redhat.com/errata/RHSA-2025:3374
reference_id RHSA-2025:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3374
14
reference_url https://access.redhat.com/errata/RHSA-2025:3595
reference_id RHSA-2025:3595
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3595
15
reference_url https://access.redhat.com/errata/RHSA-2025:7626
reference_id RHSA-2025:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7626
fixed_packages
0
url pkg:npm/xml-crypto@6.0.1
purl pkg:npm/xml-crypto@6.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/xml-crypto@6.0.1
aliases CVE-2025-29775, GHSA-x3m8-899r-f7c3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jt3b-tqv6-5ybb
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/xml-crypto@4.0.0