–³—ΏƒAƒNƒZƒXƒJƒEƒ“ƒ^[ofuda.ccu‘S’ŠEƒJƒEƒ“ƒgŒv‰ζv
‘ŒfŽ¦”‚ɖ߂遑 ‘‰ί‹ŽƒƒO‘qŒΙ‚֖߂遑

yBreaking NewszCVE-2024-32962 (CVSS 10): Critical Vulnerability in XML-Crypto Affects Millions

1 F‚Υ‚Ι‚Υ‚Ι–Ό–³‚΅‚³‚ρ (ƒXƒŒŽε)F2024/05/02(–Ψ) 19:14:33.86 ID:eK5dZPHM
A significant security flaw has been discovered in the widely used XML-Crypto npm package, a tool integral to the cryptographic security of XML documents.

2 F‚Υ‚Ι‚Υ‚Ι–Ό–³‚΅‚³‚ρ (ƒXƒŒŽε)F2024/05/02(–Ψ) 19:15:33.31 ID:eK5dZPHM
This vulnerability, identified as CVE-2024-32962, carries the highest severity score of 10 on the Common Vulnerability Scoring System (CVSS).
That's indicating its critical nature. The issue stems from a fundamental oversight in the packagefs default configuration, which fails to properly verify the authenticity of digital signatures, thereby allowing signature spoofing.
https://securityonline.info/cve-2024-32962-cvss-10-critical-vulnerability-in-xml-crypto-affects-millions/

‘ŒfŽ¦”‚ɖ߂遑 ‘‰ί‹ŽƒƒO‘qŒΙ‚֖߂遑
0ch+ BBS 0.7.5 20220323 (Tuned by ƒC[ƒuƒCƒƒCš)