Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
输入的错误解释
Vulnerability Title
Google Go encoding 安全漏洞
Vulnerability Description
Google Go encoding是美国Google公司的一个基于Go语言为数据提供多种形式编码的代码库。 Go encoding/xml package 存在安全漏洞,该漏洞源于在标记化往返过程中没有正确地保留属性名称空间前缀的语义,这使得攻击者可利用该漏洞可以在受影响的下游应用程序的不同处理阶段以冲突的方式创建输入。
CVSS Information
N/A
Vulnerability Type
N/A