CVE-2009-0217: XML signature HMAC truncation authentication bypass
This package uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
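The missing check, shown as an added example (not code from the affected package): a verifier that trusts the signature's HMACOutputLength beside one that enforces a minimum. The function names, key and data are hypothetical; the floor of 80 bits or half the digest size, whichever is larger, is taken from the W3C XML Signature specification, not from this page.

```python
import hashlib
import hmac

MIN_BITS = 80  # absolute floor from the W3C XML Signature specification

# Constructed sample inputs, not taken from any real signature.
KEY = b"k" * 16
DATA = b"<SignedInfo>constructed sample</SignedInfo>"


def truncated_hmac(key, data, bits, digest="sha1"):
    """Return the leftmost `bits` bits of the HMAC (whole bytes only here)."""
    return hmac.new(key, data, digest).digest()[: bits // 8]


def verify_unchecked(key, data, tag, output_length_bits, digest="sha1"):
    """Pre-fix behaviour: accepts any HMACOutputLength the signature declares."""
    expected = truncated_hmac(key, data, output_length_bits, digest)
    return hmac.compare_digest(expected, tag)


def verify_checked(key, data, tag, output_length_bits, digest="sha1"):
    """Reject truncation below max(80 bits, half the digest size)."""
    digest_bits = hashlib.new(digest).digest_size * 8
    floor = max(MIN_BITS, digest_bits // 2)
    if output_length_bits % 8 != 0:
        return False  # simplification: only byte-aligned lengths are handled
    if not floor <= output_length_bits <= digest_bits:
        return False
    if len(tag) * 8 != output_length_bits:
        return False  # tag must be exactly as long as declared
    return verify_unchecked(key, data, tag, output_length_bits, digest)


def accepted_guesses(verify, key, data):
    """Count how many of the 256 possible one-byte tags pass at 8 bits."""
    return sum(verify(key, data, bytes([g]), 8) for g in range(256))


if __name__ == "__main__":
    # A declared length of 0 makes the expected tag empty, so an empty tag matches.
    print("unchecked, length 0:", verify_unchecked(KEY, DATA, b"", 0))
    print("checked,   length 0:", verify_checked(KEY, DATA, b"", 0))
    print("unchecked, 8-bit tags accepted:", accepted_guesses(verify_unchecked, KEY, DATA))
    print("checked,   8-bit tags accepted:", accepted_guesses(verify_checked, KEY, DATA))
```
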
Detect and mitigate CVE-2009-0217 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.