PT-2020-17181 · Go+2

Published: 2020-09-11 · Updated: 2024-03-06 · CVE-2020-29510

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Go versions 1.15 and earlier

Description

The issue arises because the encoding/xml package in Go does not correctly preserve the semantics of directives during tokenization round-trips. This allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

Recommendations

For Go versions 1.15 and earlier, consider updating to a version that includes the fix for this issue, because these versions do not correctly preserve the semantics of directives during tokenization round-trips. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2766
ALT-PU-2021-1456
ALT-PU-2021-1941
BIT-GOLANG-2020-29510
CVE-2020-29510

Affected Products

Alt Linux
Debian
Go