XML-Sig Bypass Vulnerability

CRITICAL (9.3)

Threat Intelligence

Low Risk
EPSS Score: 0.01% chance of exploitation (percentile: 2%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

XML-Sig (XML::Sig on CPAN) is a Perl module that creates and verifies XML digital signatures (XML-DSig). A signature is meant to guarantee the authenticity and integrity of an XML document: the verifier checks that the signature value is valid and that the signed content has not changed since it was signed. If that verification is flawed, an attacker can alter a signed document, or craft one, so that it still passes the signature check, and the application then trusts content the signer never signed.
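As an added illustration (not code from XML::Sig or from this advisory), the Python below contrasts a verifier that only checks the signature value with one that also re-hashes the content the signature refers to. It is a toy: an HMAC with a constructed shared key stands in for the RSA/ECDSA signature real XML-DSig uses, the ds: namespace is omitted, and the sample document is constructed. It does not reproduce the XML-Sig flaw itself, whose details this page does not give; it shows the general shape of a signature-check bypass.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Assumption: a shared HMAC key stands in for the signer's private/public key.
KEY = b"constructed-demo-key"

# Constructed sample document; the element with Id="body" is what gets signed.
SAMPLE = '<Order><Body Id="body"><Amount>100</Amount></Body></Order>'


def _c14n(elem):
    """Canonical bytes of one element (C14N 2.0 from the standard library)."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()


def _digest(elem):
    return base64.b64encode(hashlib.sha256(_c14n(elem)).digest()).decode()


def sign(xml_text):
    """Append an enveloped Signature covering the element with Id='body'."""
    root = ET.fromstring(xml_text)
    body = next(e for e in root.iter() if e.get("Id") == "body")
    sig = ET.SubElement(root, "Signature")
    info = ET.SubElement(sig, "SignedInfo")
    ref = ET.SubElement(info, "Reference", URI="#body")
    ET.SubElement(ref, "DigestValue").text = _digest(body)
    mac = hmac.new(KEY, _c14n(info), hashlib.sha256).digest()
    ET.SubElement(sig, "SignatureValue").text = base64.b64encode(mac).decode()
    return ET.tostring(root, encoding="unicode")


def _signature_value_ok(root):
    """Is SignatureValue a valid MAC over SignedInfo? Necessary, not sufficient."""
    info = root.find("./Signature/SignedInfo")
    sigval = root.findtext("./Signature/SignatureValue", "")
    if info is None:
        return False
    expected = hmac.new(KEY, _c14n(info), hashlib.sha256).digest()
    return hmac.compare_digest(expected, base64.b64decode(sigval))


def verify_naive(xml_text):
    """Flawed verifier: trusts SignedInfo but never re-hashes what it refers to."""
    return _signature_value_ok(ET.fromstring(xml_text))


def verify_strict(xml_text):
    """Checks the signature AND that every Reference still matches its target."""
    root = ET.fromstring(xml_text)
    if not _signature_value_ok(root):
        return False
    for ref in root.findall("./Signature/SignedInfo/Reference"):
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            return False  # only same-document references are accepted here
        targets = [e for e in root.iter() if e.get("Id") == uri[1:]]
        if len(targets) != 1:
            return False  # missing Id, or a duplicated Id (signature wrapping)
        if not hmac.compare_digest(_digest(targets[0]), ref.findtext("DigestValue", "")):
            return False  # signed content was altered after signing
    return True


def tamper(signed_xml):
    """Attacker edits the signed content but leaves the Signature block alone."""
    return signed_xml.replace("<Amount>100</Amount>", "<Amount>9999</Amount>")


if __name__ == "__main__":
    signed = sign(SAMPLE)
    print("untouched  naive:", verify_naive(signed), " strict:", verify_strict(signed))
    forged = tamper(signed)
    print("tampered   naive:", verify_naive(forged), " strict:", verify_strict(forged))
```

The tampered document passes the naive verifier because nothing in the Signature block changed; only the strict verifier, which resolves each Reference and recomputes the digest of the element it points at, notices that the content no longer matches. The same resolution step is where a verifier must reject duplicated Ids, otherwise an attacker can keep the original signed element somewhere in the document and put a new one in the place the application actually reads.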

Am I affected?

Affected versions listed for this advisory: 0.27, 0.67. Check the XML::Sig version your Perl installation reports (the module exposes it as $XML::Sig::VERSION) rather than assuming you are clear. If you don't recognise this software, you're probably not affected.

How to fix

Upgrade to XML-Sig version 1.00, which fixes the vulnerability.

Immediate mitigations (these reduce exposure until you can upgrade; none of them fixes the flaw itself):
- Restrict network access to the system that performs the verification (firewall it from the public internet)
- Audit the signed XML documents you accept for suspicious patterns
- Monitor for unauthorised signature creation and for unexpected signed documents reaching your verifier