GO-2022-0409

Source
https://pkg.go.dev/vuln/GO-2022-0409
Import Source
https://vuln.go.dev/ID/GO-2022-0409.json
Aliases
Published
2022-07-01T20:08:30Z
Modified
2023-11-10T21:41:30.893968Z
Details

An attacker can create an XML file which completely bypasses signature validation, passing off an altered file as a signed one.

References

Affected packages

Go / github.com/russellhaering/goxmldsig

Affected ranges

Type
SEMVER
Events
Introduced
0 (The exact introduced commit is unknown)
Fixed
1.1.0

Ecosystem specific

{
    "symbols": [
        "ValidationContext.findSignature",
        "ValidationContext.Validate"
    ]
}

Database specific

{
    "url": "https://pkg.go.dev/vuln/GO-2022-0409"
}