VYPR
Moderate severity · NVD Advisory · Published Sep 29, 2020 · Updated Aug 4, 2024

Signature Validation Bypass in goxmldsig

CVE-2020-15216

Description

In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available; all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
github.com/russellhaering/goxmldsig (Go) | < 1.1.0 | 1.1.0
