CNNVD-202511-2833 Information

CNNVD ID

CNNVD-202511-2833

Related CVE

CVE-2025-40934

• CNNVD Published: 2025-11-26

Description (Chinese)

perl-XML-Sig是Net::SAML2 Perl Support开源的一个对XML数字签名进行签名和验证的包。 perl-XML-Sig 0.27版本至0.67版本存在安全漏洞，该漏洞源于错误验证无签名的XML文件。

Description (English)

Perl-XML-Sig is a package for signing and authenticating XML digital signatures from Net:::SAML2 Perl Support source. Perl-XML-Sig Versions 0.27 to 0.67 have a security loophole, which originates from an error in authenticating an unsigned XML file.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Net::SAML2 Perl Support

Published

2025-11-26

Last Modified

2026-02-24

References

https://github.com/perl-net-saml2/perl-XML-Sig/pull/64 https://github.com/perl-net-saml2/perl-XML-Sig/issues/63 https://access.redhat.com/security/cve/cve-2025-40934