In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-09-29T16:00:18
Updated: 2024-08-04T13:08:22.878Z
Reserved: 2020-06-25T00:00:00
Link: CVE-2020-15216
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-09-29T16:15:11.023
Modified: 2023-11-07T03:17:27.290
Link: CVE-2020-15216
Redhat