CVE-2020-29510
14.12.2020, 20:15
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.Enginsight
| Vendor | Product | Version |
|---|---|---|
| golang | go | 𝑥 ≤ 1.15 |
| netapp | trident | - |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| golang |
| ||||||||||||||||||||||||
| golang-1.10 |
| ||||||||||||||||||||||||
| golang-1.13 |
| ||||||||||||||||||||||||
| golang-1.14 |
| ||||||||||||||||||||||||
| golang-1.15 |
| ||||||||||||||||||||||||
| golang-1.6 |
| ||||||||||||||||||||||||
| golang-1.8 |
| ||||||||||||||||||||||||
| golang-1.9 |
|
Common Weakness Enumeration
References