CVE-2020-29511

The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...

CVE-2020-29510

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...

CVE-2020-29510

CVE-2020-29510 concerns the encoding/xml package in Go versions 1.15 and earlier, where tokenization round-trips fail to preserve directive semantics. This can let an attacker craft inputs that behave differently across processing stages in affected downstream applications. The connected OSV entr...

Google Go encoding security vulnerability

Google Go encoding is a code library from Google Inc. that provides multiple forms of encoding for data based on the Go language. A security vulnerability exists in the Go encoding/xml package that stems from not properly preserving the semantics of attribute namespace prefixes during tokenizatio...

PT-2020-17182 · Go +1 · Encoding/Xml Package +1

Name of the Vulnerable Software and Affected Versions: encoding/xml package in Go all versions Description: The issue arises from the encoding/xml package in Go not correctly preserving the semantics of element namespace prefixes during tokenization round-trips. This allows an attacker to craft...

PT-2020-17181 · Go +2 · Go +2

Name of the Vulnerable Software and Affected Versions: Go versions 1.15 and earlier Description: The issue arises from the encoding/xml package in Go not correctly preserving the semantics of directives during tokenization round-trips. This allows an attacker to craft inputs that behave in...