Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Signature Validation Bypass in goxmldsig
Vulnerability Description
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
goxmldsig 数据伪造问题漏洞
Vulnerability Description
goxmldsig是个人开发者的一个Go语言编写的数字签名库。该库继承了 SAML2.0,不需要命令行工具即可进行签名的生成和验证功能。 goxmldsig (XML Digital Signatures implemented in pure Go) 1.1.0之前版本存在数据伪造问题漏洞,该漏洞允许攻击者可以完全绕过签名验证,并将经过更改的文件作为签名文件传递出去。
CVSS Information
N/A
Vulnerability Type
N/A