CVE-2020-29509
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-29509
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入的错误解释
Source: NVD (National Vulnerability Database)
Vulnerability Title
Google Go encoding 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Google Go encoding是美国Google公司的一个基于Go语言为数据提供多种形式编码的代码库。 Go encoding/xml package 存在安全漏洞,该漏洞源于在标记化往返过程中没有正确地保留属性名称空间前缀的语义,这使得攻击者可利用该漏洞可以在受影响的下游应用程序的不同处理阶段以冲突的方式创建输入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2020-29509
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-29509
请登录查看更多情报信息。
- https://security.netapp.com/advisory/ntap-20210129-0006/x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2020-29509
Same Patch Batch · Golang · 2020-12-14 · 3 CVEs total
| CVE-2020-29510 | 9.8 CRITICAL | Google Golang 安全漏洞 |
| CVE-2020-29511 | 9.8 CRITICAL | Google Go encoding 安全漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-115
- CVE-2025-68113
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Re - CVE-2025-54584
GitProxy is vulnerable to a packfile parsing exploit - CVE-2025-5826
Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_ms - CVE-2025-5747
WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpreta - CVE-2025-32908
Libsoup: denial of service on libsoup through http/2 server
V. Comments for CVE-2020-29509
No comments yet