The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
CPE | Name | Operator | Version |
---|---|---|---|
go | eq | go1.8beta2 | |
go | eq | weekly.2011-11-02 | |
go | eq | weekly.2010-03-04 | |
go | eq | weekly.2010-09-06 | |
go | eq | go1.12beta1 | |
go | eq | weekly.2010-12-08 | |
go | eq | go1.11beta1 | |
go | eq | weekly.2010-03-22 | |
go | eq | weekly.2011-05-22 | |
go | eq | go1.6beta2 |