CVE-2020-29510
First published: Mon Dec 14 2020(Updated: )
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
Credit: responsibledisclosure@mattermost.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Golang Go | <=1.15 | |
| Netapp Trident |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-29510?
CVE-2020-29510 is a vulnerability in the encoding/xml package in Go versions 1.15 and earlier.
What is the severity of CVE-2020-29510?
The severity of CVE-2020-29510 is critical with a severity value of 5.6.
Which software versions are affected by CVE-2020-29510?
The affected software versions are Golang Go up to and including 1.15, and Netapp Trident.
How does CVE-2020-29510 impact affected applications?
CVE-2020-29510 can allow an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
Where can I find more information about CVE-2020-29510?
You can find more information about CVE-2020-29510 at the following references: [GitHub](https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md) and [Netapp Security Advisories](https://security.netapp.com/advisory/ntap-20210129-0006/).
- collector/nvd-index
- agent/weakness
- agent/description
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/golang
- canonical/golang go
- version/golang go/1.15
- vendor/netapp
- canonical/netapp trident