Vulnerability Report: GO-2020-0050
- CVE-2020-15216, GHSA-q547-gmf8-8jr7
- Affects: github.com/russellhaering/goxmldsig
- Published: Apr 14, 2021
- Modified: May 20, 2024
Due to the behavior of encoding/xml, a crafted XML document may cause XML Digital Signature validation to be entirely bypassed, causing an unsigned document to appear signed.
Affected Packages
-
PathGo VersionsSymbols
-
before v1.1.0
Aliases
References
- https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64
- https://vuln.go.dev/ID/GO-2020-0050.json
Credits
- @jupenur
Feedback
See anything missing or incorrect?
Suggest an edit to this report.