An attacker can create an XML file which completely bypasses signature validation, passing off an altered file as a signed one.
{ "symbols": [ "ValidationContext.findSignature", "ValidationContext.Validate" ] }
{ "url": "https://pkg.go.dev/vuln/GO-2022-0409" }