


Perceptive Security
SOC/SIEM Consultancy

xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-19…
Published:
15 March 2026 at 23:00:00
Alert date:
16 March 2026 at 16:21:26
Source:
nvd.nist.gov
Web Technologies, Supply Chain & Dependencies
The xml-security library has a vulnerability in versions prior to 2.3.1 and 1.13.9 where XML nodes encrypted with AES-GCM algorithms (aes-128-gcm, aes-192-gcm, or aes-256-gcm) lack proper validation of authentication tag length. This flaw allows attackers to brute-force authentication tags, recover GHASH keys, decrypt encrypted nodes, and forge arbitrary ciphertexts without knowing the encryption key. The vulnerability affects XML signatures and encryption implementations and has been patched in versions 2.3.1 and 1.13.9.
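One way to enforce the missing tag-length check, as an added example that is not code from xml-security or from this alert. It assumes the XML Encryption 1.1 AES-GCM layout (96-bit IV, then ciphertext, then 128-bit tag) and PHP 8's `openssl_decrypt()`, which does not verify the tag length itself. `decryptGcmCipherValue()` and `openGcm()` are hypothetical helper names, and the key and plaintext are constructed sample data.

```php
<?php
declare(strict_types=1);

// XML Encryption 1.1 AES-GCM layout: 96-bit IV || ciphertext || 128-bit tag.
const GCM_IV_LEN  = 12;
const GCM_TAG_LEN = 16;

/** Hypothetical helper: split a base64-decoded CipherValue and decrypt it. */
function decryptGcmCipherValue(string $key, string $cipherValue, string $algo = 'aes-256-gcm'): string
{
    // Anything shorter cannot hold a full IV and a full-length tag.
    if (strlen($cipherValue) < GCM_IV_LEN + GCM_TAG_LEN) {
        throw new InvalidArgumentException('CipherValue too short for IV and 128-bit tag');
    }
    $iv  = substr($cipherValue, 0, GCM_IV_LEN);
    $tag = substr($cipherValue, -GCM_TAG_LEN);
    $ct  = substr($cipherValue, GCM_IV_LEN, -GCM_TAG_LEN);
    return openGcm($key, $iv, $ct, $tag, $algo);
}

/** Hypothetical helper: authenticated decryption that refuses non-128-bit tags. */
function openGcm(string $key, string $iv, string $ct, string $tag, string $algo): string
{
    // openssl_decrypt() compares only as many tag bytes as it is handed,
    // so the caller must pin the length before calling it.
    if (strlen($tag) !== GCM_TAG_LEN) {
        throw new InvalidArgumentException('GCM tag must be exactly 16 bytes');
    }
    $plain = openssl_decrypt($ct, $algo, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {
        throw new RuntimeException('GCM authentication failed');
    }
    return $plain;
}

// Constructed sample data: encrypt a node, then exercise both paths.
$key = random_bytes(32);
$iv  = random_bytes(GCM_IV_LEN);
$tag = '';
$ct  = openssl_encrypt('<Attribute>demo</Attribute>', 'aes-256-gcm', $key,
    OPENSSL_RAW_DATA, $iv, $tag, '', GCM_TAG_LEN);

echo decryptGcmCipherValue($key, $iv . $ct . $tag), PHP_EOL;

try {
    openGcm($key, $iv, $ct, substr($tag, 0, 4), 'aes-256-gcm'); // truncated tag
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```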
Affected products:
xml-security library
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-32600
https://github.com/simplesamlphp/xml-security/commit/cad6d57cf0a5a0b7e0cc4e4a5b18752e56eb1520
https://github.com/simplesamlphp/xml-security/commit/fdc12449e959c610943f9fd428e95e3832d74c25
https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-r353-4845-pr5p
This article was created with the assistance of AI technology by Perceptive.
