Vulnerabilities (CVE)

Filtered by vendor Goxmldsig Project Subscribe
Filtered by product Goxmldsig
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7711 1 Goxmldsig Project 1 Goxmldsig 2024-11-21 5.0 MEDIUM 7.5 HIGH
This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
CVE-2020-15216 2 Fedoraproject, Goxmldsig Project 2 Fedora, Goxmldsig 2024-11-21 4.3 MEDIUM 5.3 MEDIUM
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0