Summary
There is a recent vulnerability which was reported in the encoding/xml package. See https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ and https://github.com/mattermost/xml-roundtrip-validator/tree/master/advisories for more details.
It doesn't seem to be entirely mitigated in the upcoming Go release, therefore it would be nice to have a rule which warns people when they are using the xml encoding without sanitisation.
See also this XML input validator: https://github.com/mattermost/xml-roundtrip-validator
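To make the concern concrete, here is an added Go example (not code from gosec or from the mattermost validator) that applies the round-trip idea with only the standard library: decode the input into tokens, re-encode them, decode the output again, and reject the document if encoding/xml's view of it changed between the two passes.

```go
package main

import (
	"bytes"
	"encoding/xml"
	"fmt"
	"io"
	"reflect"
	"strings"
)

// tokenize reads the whole document into a slice of copied tokens.
func tokenize(r io.Reader) ([]xml.Token, error) {
	dec := xml.NewDecoder(r)
	var toks []xml.Token
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return toks, nil
		} else if err != nil {
			return nil, err
		}
		toks = append(toks, xml.CopyToken(tok)) // the decoder reuses its buffers
	}
}

// ValidateRoundTrip parses doc, re-encodes the tokens with encoding/xml and
// parses the output again. If the two token streams differ, encoding/xml's
// view of the document is unstable and the caller should reject it before unmarshalling.
func ValidateRoundTrip(doc string) error {
	first, err := tokenize(strings.NewReader(doc))
	if err != nil {
		return fmt.Errorf("parse: %w", err)
	}
	var buf bytes.Buffer
	enc := xml.NewEncoder(&buf)
	for _, t := range first {
		if err := enc.EncodeToken(t); err != nil {
			return fmt.Errorf("re-encode: %w", err)
		}
	}
	if err := enc.Flush(); err != nil {
		return err
	}
	second, err := tokenize(&buf)
	if err == nil && !reflect.DeepEqual(first, second) {
		err = fmt.Errorf("round-trip mismatch: %d tokens in, %d out", len(first), len(second))
	}
	return err
}
```

This simplified check treats every token difference as a mismatch, including a namespace declaration the encoder adds for a prefixed attribute (so `<a x:b="c"/>` is rejected while `<root><child id="1">text</child></root>` passes); a full validator models namespaces more carefully.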