{"id":"CVE-2020-15216","details":"In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0","aliases":["GHSA-q547-gmf8-8jr7","GO-2020-0050"],"modified":"2026-05-28T04:05:41.495668245Z","published":"2020-09-29T16:15:11.023Z","database_specific":{"unresolved_ranges":[{"vendor_product":"fedoraproject:fedora","extracted_events":[{"last_affected":"32"},{"last_affected":"33"}],"cpes":["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"],"source":"CPE_STRING"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUH33FPUXED3FHYL25BJOQPRKFGPOMS2/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZECBFD4M4PHBMBOCMSQ537NOU37QOVWP/"},{"type":"ADVISORY","url":"https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7"},{"type":"ADVISORY","url":"https://pkg.go.dev/github.com/russellhaering/goxmldsig?tab=overview"},{"type":"FIX","url":"https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/russellhaering/goxmldsig","events":[{"introduced":"0"},{"fixed":"6f318b2f18251aa66983056c1db7e4eef312103c"},{"fixed":"f6188febf0c29d7ffe26a0436212b19cb9615e64"}],"database_specific":{"cpe":"cpe:2.3:a:goxmldsig_project:goxmldsig:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.1.0"}],"source":["CPE_RANGE","REFERENCES"]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15216.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}