Lucene search
K

41 matches found

OSV
OSV
added 2026/03/27 6:39 p.m.2 views

GO-2026-4753 Loop Variable Capture Signature Bypass in goxmldsig in github.com/russellhaering/goxmldsig

Loop Variable Capture Signature Bypass in goxmldsig in github.com/russellhaering/goxmldsig...

7.5CVSS5.8AI score0.00299EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/26 5:17 p.m.26 views

CVE-2026-33487 goxmldsig has validateSignature Loop Variable Capture Signature Bypass

goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version,...

7.5CVSS0.00299EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.11 views

goxmldsig 安全漏洞

Goxmldsig is a digital signature library written in Go language by Russell Haering. This library inherits from SAML 2.0, allowing signature generation and verification functions to be performed without the need for command-line tools. Versions of goxmldsig prior to 1.6.0 contained security...

7.5CVSS5.8AI score0.00299EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/18 8:18 p.m.4 views

validateSignature Loop Variable Capture Signature Bypass in goxmldsig

Details The validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version, there is a loop variable capture issue. The code takes the address of the...

7.5CVSS5.8AI score0.00299EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/18 8:18 p.m.2 views

GHSA-479M-364C-43VC validateSignature Loop Variable Capture Signature Bypass in goxmldsig

Details The validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version, there is a loop variable capture issue. The code takes the address of the...

7.5CVSS5.8AI score0.00299EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-7133

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01755EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-7711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures...

7.5CVSS7.1AI score0.01755EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-15216

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature...

6.5CVSS6.5AI score0.00898EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/10/07 7:17 a.m.25 views

goxmldsig vulnerable to crash on nil-pointer dereference caused by sending malformed XML signatures

This affects all versions of package github.com/russellhaering/goxmldsig prior to 1.1.1. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. This issue is patched in version 1.1.1...

7.5CVSS7.1AI score0.01755EPSS
Exploits1References6Affected Software2
OSV
OSV
added 2022/10/07 7:17 a.m.20 views

GHSA-MQQV-CHPX-VQ25 goxmldsig vulnerable to crash on nil-pointer dereference caused by sending malformed XML signatures

This affects all versions of package github.com/russellhaering/goxmldsig prior to 1.1.1. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. This issue is patched in version 1.1.1...

7.5CVSS7.2AI score0.01755EPSS
Exploits1References6
OSV
OSV
added 2021/05/24 4:59 p.m.17 views

GHSA-5684-G483-2249 Signature Validation Bypass

Impact Given a valid SAML Response, an attacker can potentially modify the document, bypassing signature validation in order to pass off the altered document as a signed one. This enables a variety of attacks, including users accessing accounts other than the one to which they authenticated in th...

7.3AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2021/05/24 4:59 p.m.39 views

Signature Validation Bypass

Impact An authentication bypass exists in the goxmldsig this library uses to determine if SAML assertions are genuine. An attacker could craft a SAML response that would appear to be valid but would not have been genuinely issued by the IDP. Patches Version 0.4.2 bumps the dependency which should...

0.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2021/05/24 4:57 p.m.19 views

GHSA-Q547-GMF8-8JR7 github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass

Impact With a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. Patches A patch is available, all users of goxmldsig should upgrade to v1.1.0. For more information If you have any questions or comments about this...

5.3CVSS6.5AI score0.00977EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2021/05/24 4:57 p.m.93 views

github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass

Impact With a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. Patches A patch is available, all users of goxmldsig should upgrade to v1.1.0. For more information If you have any questions or comments about this...

6.5CVSS6.7AI score0.00898EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2021/04/14 8:4 p.m.32 views

GO-2020-0050 XML digital signature validation bypass in github.com/russellhaering/goxmldsig

Due to the behavior of encoding/xml, a crafted XML document may cause XML Digital Signature validation to be entirely bypassed, causing an unsigned document to appear signed...

9.8CVSS7.4AI score0.01718EPSS
Exploits0References1
Fedora
Fedora
added 2021/01/14 1:44 a.m.85 views

[SECURITY] Fedora 32 Update: golang-github-russellhaering-goxmldsig-1.1.0-1.fc32

Pure Go implementation of XML Digital Signatures...

6.5CVSS1.9AI score0.00898EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/01/14 12:0 a.m.22 views

Fedora 32 : golang-github-russellhaering-goxmldsig (2021-9316ee2948)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-9316ee2948 advisory. - In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely...

6.5CVSS6.6AI score0.00898EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/01/14 12:0 a.m.28 views

Fedora 33 : golang-github-russellhaering-goxmldsig (2021-a2a7673da2)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-a2a7673da2 advisory. - In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely...

6.5CVSS6.6AI score0.00898EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/01/14 12:0 a.m.20 views

Fedora: Security Advisory for golang-github-russellhaering-goxmldsig (FEDORA-2021-a2a7673da2)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS8.2AI score0.00898EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/01/14 12:0 a.m.22 views

Fedora: Security Advisory for golang-github-russellhaering-goxmldsig (FEDORA-2021-9316ee2948)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS8.2AI score0.00898EPSS
Exploits0References2
Rows per page
Query Builder