There are three vulnerabilities in the go encoding/xml package that can allow an attacker to forge part of a signed XML document. For details on this vulnerability see xml-roundtrip-validator
Patches
In version 0.4.3, all XML input is validated prior to being parsed.
Impact
There are three vulnerabilities in the go
encoding/xmlpackage that can allow an attacker to forge part of a signed XML document. For details on this vulnerability see xml-roundtrip-validatorPatches
In version 0.4.3, all XML input is validated prior to being parsed.
References