XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2020-0047" }