In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0
References
Configurations
History
07 Nov 2023, 03:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
05 May 2021, 13:18
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZECBFD4M4PHBMBOCMSQ537NOU37QOVWP/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GUH33FPUXED3FHYL25BJOQPRKFGPOMS2/ - Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
14 Jan 2021, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-09-29 16:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-15216
Mitre link : CVE-2020-15216
CVE.ORG link : CVE-2020-15216
JSON object : View
Products Affected
goxmldsig_project
- goxmldsig
fedoraproject
- fedora
CWE
CWE-347
Improper Verification of Cryptographic Signature