packages:
  - module: github.com/russellhaering/goxmldsig
    symbols:
      - ValidationContext.findSignature
    derived_symbols:
      - ValidationContext.Validate
    versions:
      - fixed: 1.1.0
    vulnerable_at: 0.0.0-20200902171629-2e1fbc2c5593
description: |
  An attacker can create an XML file which completely bypasses signature validation,
  passing off an altered file as a signed one.
cves:
  - CVE-2020-15216
ghsas:
  - GHSA-q547-gmf8-8jr7
links:
  commit: https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64
  context:
    - https://github.com/advisories/GHSA-rrfw-hg9m-j47h