PT-2020-13334 · Oasis · Oasis Digital Signature Services

Published: 2020-08-24 · Updated: 2022-12-06 · CVE-2020-13101

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

OASIS Digital Signature Services (DSS) version 1.0

Description

The issue allows an attacker to control the validation outcome of a signature via a crafted XML signature when the InlineXML option is used, defeating the expectation of non-repudiation. This can result in either a valid or invalid outcome for a valid or invalid signature.

Recommendations

For OASIS Digital Signature Services (DSS) version 1.0, consider disabling the InlineXML option as a temporary workaround until a patch is available. Restrict access to the XML signature validation mechanism to minimize the risk of exploitation. Avoid using the crafted XML signature feature in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Verification of Cryptographic Signature

Related Identifiers

CVE-2020-13101

Affected Products

Oasis Digital Signature Services