7 matches found
GHSA-M9HP-7R99-94H5 Critical security issues in XML encoding in github.com/dexidp/dex
Impact The following vulnerabilities have been disclosed, which impact users leveraging the SAML connector: Signature Validation Bypass CVE-2020-15216: https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7 encoding/xml instabilities: - Element namespace prefix...
Fedora 33 : golang-github-russellhaering-goxmldsig (2021-a2a7673da2)
The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-a2a7673da2 advisory. - In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely...
Fedora: Security Advisory for golang-github-russellhaering-goxmldsig (FEDORA-2021-a2a7673da2)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 32 : golang-github-russellhaering-goxmldsig (2021-9316ee2948)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-9316ee2948 advisory. - In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely...
CVE-2020-15216
CVE-2020-15216 affects the Go package goxmldsig (XML Digital Signatures, pure Go). Before 1.1.0, a crafted XML file can cause signature validation to be bypassed, allowing an altered document to appear signed. A patch is available: upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb961...
CVE-2020-15216 Signature Validation Bypass in goxmldsig
In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision...
CVE-2020-15216
In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision...