BIT-golang-2020-29509

Import Source

https://github.com/bitnami/vulndb/tree/main/data/golang/BIT-golang-2020-29509.json

Aliases

CVE-2020-29509
GHSA-xhqq-x44f-9fgg
GO-2021-0060

Published

2024-03-06T11:07:09.710Z

Modified

2024-03-06T11:25:28.861Z

Details

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

References

https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md
https://security.netapp.com/advisory/ntap-20210129-0006/

Affected packages

Bitnami / golang

Package

Name: golang

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.17.0