The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2020-12-14T19:57:44.107145Z

Updated: 2024-09-16T16:48:42.611Z

Reserved: 2020-12-03T00:00:00

Link: CVE-2020-29510

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-12-14T20:15:13.200

Modified: 2024-11-21T05:24:09.020

Link: CVE-2020-29510

cve-icon Redhat

Severity : Low

Publid Date: 2020-12-14T00:00:00Z

Links: CVE-2020-29510 - Bugzilla