blob: 1d424ec81dd9f42f08fe8d8abfe18c4bdd6936ed [file] [log] [blame]
id: GO-2020-0050
modules:
- module: github.com/russellhaering/goxmldsig
versions:
- fixed: 1.1.0
vulnerable_at: 0.0.0-20200902171629-2e1fbc2c5593
packages:
- package: github.com/russellhaering/goxmldsig
symbols:
- ValidationContext.findSignature
derived_symbols:
- ValidationContext.Validate
summary: XML digital signature validation bypass in github.com/russellhaering/goxmldsig
description: |-
Due to the behavior of encoding/xml, a crafted XML document may cause XML
Digital Signature validation to be entirely bypassed, causing an unsigned
document to appear signed.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-15216
ghsas:
- GHSA-q547-gmf8-8jr7
credits:
- '@jupenur'
references:
- fix: https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64