In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0
References
Configurations
History
07 Nov 2023, 03:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-09-29 16:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-15216
Mitre link : CVE-2020-15216
CVE.ORG link : CVE-2020-15216
JSON object : View
Products Affected
fedoraproject
- fedora
goxmldsig_project
- goxmldsig
CWE
CWE-347
Improper Verification of Cryptographic Signature