{"url":"http://public2.vulnerablecode.io/api/packages/44134?format=json","purl":"pkg:deb/debian/golang-github-russellhaering-goxmldsig@1.2.0-1?distro=sid","type":"deb","namespace":"debian","name":"golang-github-russellhaering-goxmldsig","version":"1.2.0-1","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207742?format=json","vulnerability_id":"VCID-51qu-fd72-kbar","summary":"In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15216.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15216.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15216","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43354","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15216"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15216","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15216"},{"reference_url":"https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64"},{"reference_url":"https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GUH33FPUXED3FHYL25BJOQPRKFGPOMS2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GUH33FPUXED3FHYL25BJOQPRKFGPOMS2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZECBFD4M4PHBMBOCMSQ537NOU37QOVWP","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZECBFD4M4PHBMBOCMSQ537NOU37QOVWP"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15216","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15216"},{"reference_url":"https://pkg.go.dev/github.com/russellhaering/goxmldsig?tab=overview","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/github.com/russellhaering/goxmldsig?tab=overview"},{"reference_url":"https://pkg.go.dev/vuln/GO-2020-0050","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2020-0050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1884118","reference_id":"1884118","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1884118"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971615","reference_id":"971615","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971615"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44135?format=json","purl":"pkg:deb/debian/golang-github-russellhaering-goxmldsig@1.1.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-russellhaering-goxmldsig@1.1.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/44136?format=json","purl":"pkg:deb/debian/golang-github-russellhaering-goxmldsig@1.1.0-1%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-russellhaering-goxmldsig@1.1.0-1%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/44134?format=json","purl":"pkg:deb/debian/golang-github-russellhaering-goxmldsig@1.2.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-russellhaering-goxmldsig@1.2.0-1%3Fdistro=sid"}],"aliases":["CVE-2020-15216","GHSA-q547-gmf8-8jr7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-51qu-fd72-kbar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208088?format=json","vulnerability_id":"VCID-va34-y462-2ba6","summary":"This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7711.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7711.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7711","reference_id":"","reference_type":"","scores":[{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63542","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7711"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7711","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7711"},{"reference_url":"https://github.com/russellhaering/gosaml2/issues/59","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/russellhaering/gosaml2/issues/59"},{"reference_url":"https://github.com/russellhaering/goxmldsig","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/russellhaering/goxmldsig"},{"reference_url":"https://github.com/russellhaering/goxmldsig/issues/48","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/russellhaering/goxmldsig/issues/48"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7711","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7711"},{"reference_url":"https://pkg.go.dev/vuln/GO-2020-0046","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2020-0046"},{"reference_url":"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOXMLDSIG-608301","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOXMLDSIG-608301"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1871691","reference_id":"1871691","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1871691"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968928","reference_id":"968928","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968928"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44136?format=json","purl":"pkg:deb/debian/golang-github-russellhaering-goxmldsig@1.1.0-1%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-russellhaering-goxmldsig@1.1.0-1%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/44137?format=json","purl":"pkg:deb/debian/golang-github-russellhaering-goxmldsig@1.1.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-russellhaering-goxmldsig@1.1.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/44134?format=json","purl":"pkg:deb/debian/golang-github-russellhaering-goxmldsig@1.2.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-russellhaering-goxmldsig@1.2.0-1%3Fdistro=sid"}],"aliases":["CVE-2020-7711","GHSA-mqqv-chpx-vq25"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-va34-y462-2ba6"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-russellhaering-goxmldsig@1.2.0-1%3Fdistro=sid"}