| module: github.com/russellhaering/goxmldsig |
| versions: |
| - fixed: v1.1.0 |
| description: | |
| Due to the behavior of encoding/xml, a crafted XML document may cause |
| XML Digital Signature validation to be entirely bypassed, causing an |
| unsigned document to appear signed. |
| published: 2021-04-14T12:00:00Z |
| cve: CVE-2020-15216 |
| credit: "@jupenur" |
| symbols: |
| - ValidationContext.findSignature |
| links: |
| commit: https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64 |
| context: |
| - https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7 |