Vulnerability Details CVE-2023-34205
In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack (aka XSW).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.9%
CVSS Severity
CVSS v3 Score 9.1
References