Signature Validation Bypass in skeshari12/automate (master)

[PratyakshaSinha]

Signature Validation Bypass in skeshari12/automate (master)

Issue Details

• Vulnerability: Signature Validation Bypass
• Severity: Medium
• Project: skeshari12/automate
• Branch: master
• Scan Date: Unknown

Issue Description

github.com/russellhaering/goxmldsig is vulnerable to signature validation bypass. An attacker is able to bypass the signature validation using a malicious XML file input and submit a manipulated file as signed one.

View more details