Unrated severityNVD Advisory· Published Dec 14, 2020· Updated Sep 17, 2024
CVE-2020-29511
CVE-2020-29511
Description
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
19- Range: all versions
- osv-coords17 versionspkg:apk/chainguard/go-1.19pkg:apk/chainguard/go-1.19-docpkg:apk/chainguard/go-1.20pkg:apk/chainguard/go-1.20-docpkg:apk/chainguard/go-1.21pkg:apk/chainguard/go-1.21-docpkg:apk/chainguard/go-fips-1.20pkg:apk/chainguard/go-fips-1.20-docpkg:apk/wolfi/go-1.19pkg:apk/wolfi/go-1.19-docpkg:apk/wolfi/go-1.20pkg:apk/wolfi/go-1.20-docpkg:apk/wolfi/go-1.21pkg:apk/wolfi/go-1.21-docpkg:apk/wolfi/go-fips-1.20pkg:apk/wolfi/go-fips-1.20-docpkg:bitnami/golang
< 0+ 16 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.17.0
Patches
Vulnerability mechanics
References
2- github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.mdmitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20210129-0006/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.