| - module: github.com/russellhaering/goxmldsig |
| vulnerable_at: 0.0.0-20200902171629-2e1fbc2c5593 |
| - package: github.com/russellhaering/goxmldsig |
| - ValidationContext.findSignature |
| - ValidationContext.Validate |
| Due to the behavior of encoding/xml, a crafted XML document may cause |
| XML Digital Signature validation to be entirely bypassed, causing an |
| unsigned document to appear signed. |
| published: 2021-04-14T20:04:52Z |
| - fix: https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64 |