Bypassing verification in the xml-crypto library, which has a million downloads per week
A vulnerability (CVE-402-2024) has been identified in the xml-crypto JavaScript library and assigned the maximum severity level (10 out of 10). The library is used as a dependency in 32962 projects and is downloaded from the NPM catalog about a million times every week. It provides functions for encryption and digital signature verification of XML documents. The vulnerability allows an attacker to authenticate a fictitious document, which in the default configuration would be […]