CVE-2020-7711: NULL Pointer Dereference

October 7, 2022 (updated February 24, 2023)

This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.

References

github.com/advisories/GHSA-mqqv-chpx-vq25
github.com/russellhaering/goxmldsig/issues/48
nvd.nist.gov/vuln/detail/CVE-2020-7711
pkg.go.dev/vuln/GO-2020-0046
snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOXMLDSIG-608301

Detect and mitigate CVE-2020-7711 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →