CVE-2020-29510 log

Source
Severity Medium
Remote Yes
Type Incorrect calculation
Description
Go's encoding/xml handles XML directives in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and xml.Encoder implementations. Encoding and decoding using Go's encoding/xml can introduce new structures around a maliciously crafted XML directive.

Affected applications include software that relies on XML integrity for security-sensitive decisions. Prominent examples of such applications include SAML and XML-DSig implementations.
Group Package Affected Fixed Severity Status Ticket
AVG-1358 mattermost 5.26.1-1 5.26.2-1 Medium Fixed
AVG-1357 go 2:1.16.7-1 2:1.17-1 Medium Fixed
References
https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md
https://github.com/mattermost/xml-roundtrip-validator
https://github.com/golang/go/issues/43168
https://go-review.googlesource.com/c/go/+/277893
https://github.com/golang/go/commit/a9cfd55e2b09735a25976d1b008a0a3c767494f8
Notes
Workaround
==========

The github.com/mattermost/xml-roundtrip-validator module can detect unstable constructs in an XML document, including unstable directives. Invoking the validator on all untrusted markup and failing early if it returns an error can prevent these types of issue from being exploited in an otherwise affected application.