CVE-2020-36563

Summary

XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.

Affected Software

VendorProductVersion RangeStatus

Weaknesses

  • CWE 328: Use of Weak Hash

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References