VulnerableCode Package Details - pkg:alpm/archlinux/mattermost@5.26.2-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-d4n1-h8n8-aaas	The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.	CVE-2020-29509 GHSA-xhqq-x44f-9fgg
VCID-gr8u-cwm1-aaan	The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.	CVE-2020-29511
VCID-my95-nvxp-aaae	The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.	CVE-2020-29510

Vulnerability

Summary

Aliases

VCID-d4n1-h8n8-aaas

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

CVE-2020-29509
GHSA-xhqq-x44f-9fgg

VCID-gr8u-cwm1-aaan

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

CVE-2020-29511

VCID-my95-nvxp-aaae

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

CVE-2020-29510

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:48.026412+00:00	Arch Linux Importer	Fixing	VCID-d4n1-h8n8-aaas	https://security.archlinux.org/AVG-1358	36.0.0
2025-03-28T07:46:47.995497+00:00	Arch Linux Importer	Fixing	VCID-my95-nvxp-aaae	https://security.archlinux.org/AVG-1358	36.0.0
2025-03-28T07:46:47.966920+00:00	Arch Linux Importer	Fixing	VCID-gr8u-cwm1-aaan	https://security.archlinux.org/AVG-1358	36.0.0
2024-09-18T02:02:08.772066+00:00	Arch Linux Importer	Fixing	VCID-d4n1-h8n8-aaas	https://security.archlinux.org/AVG-1358	34.0.1
2024-09-18T02:02:08.752427+00:00	Arch Linux Importer	Fixing	VCID-my95-nvxp-aaae	https://security.archlinux.org/AVG-1358	34.0.1
2024-09-18T02:02:08.731835+00:00	Arch Linux Importer	Fixing	VCID-gr8u-cwm1-aaan	https://security.archlinux.org/AVG-1358	34.0.1
2024-01-03T22:28:11.236743+00:00	Arch Linux Importer	Fixing	VCID-d4n1-h8n8-aaas	https://security.archlinux.org/AVG-1358	34.0.0rc1
2024-01-03T22:28:11.214803+00:00	Arch Linux Importer	Fixing	VCID-my95-nvxp-aaae	https://security.archlinux.org/AVG-1358	34.0.0rc1
2024-01-03T22:28:11.192766+00:00	Arch Linux Importer	Fixing	VCID-gr8u-cwm1-aaan	https://security.archlinux.org/AVG-1358	34.0.0rc1