Lucene search
Veracode Vulnerability DatabaseVERACODE:27285HistorySep 30, 2020 - 1:47 a.m.
Signature Validation Bypass
2020-09-3001:47:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
github
vulnerability
signature
validation
bypass
xml
file
input
manipulated
EPSS
0.002
Percentile
54.2%
github.com/russellhaering/goxmldsig is vulnerable to signature validation bypass. An attacker is able to bypass the signature validation using a malicious XML file input and submit a manipulated file as signed one.
References
github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64
github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7
lists.fedoraproject.org/archives/list/[email protected]/message/GUH33FPUXED3FHYL25BJOQPRKFGPOMS2/
lists.fedoraproject.org/archives/list/[email protected]/message/ZECBFD4M4PHBMBOCMSQ537NOU37QOVWP/
pkg.go.dev/github.com/russellhaering/goxmldsig?tab=overview
Related
fedora
fedora
cvelist
cvelist
CVE-2020-15216 Signature Validation Bypass in goxmldsig
2020-09-29 16:00:18
ubuntucve
ubuntucve
CVE-2020-15216
2020-09-29 00:00:00
nessus
nessus
Fedora 32 : golang-github-russellhaering-goxmldsig (2021-9316ee2948)
2021-01-14 00:00:00
Fedora 33 : golang-github-russellhaering-goxmldsig (2021-a2a7673da2)
2021-01-14 00:00:00
github
github
Critical security issues in XML encoding in github.com/dexidp/dex
2021-12-20 17:53:53
redhatcve
redhatcve
CVE-2020-15216
2020-10-01 06:05:42
nvd
nvd
CVE-2020-15216
2020-09-29 16:15:11
debiancve
debiancve
CVE-2020-15216
2020-09-29 16:15:11
openvas
openvas
prion
prion
Design/Logic Flaw
2020-09-29 16:15:00
cve
cve
CVE-2020-15216
2020-09-29 16:15:11
osv
osv
Authentication Bypass in dex
2021-12-20 17:52:12