CVE-2023-34205 Information

Description

In Moov signedxml through 1.0.0 parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Thus signature validation can be bypassed via a Signature Wrapping attack (aka XSW).

Reference

https://github.com/moov-io/signedxml/issues/23