—

GO-2026-5052

Vulnerability in software.sslmate.com/src/go-pkcs12

Details

Users who decode PKCS#12 files from untrusted sources and rely on the password for authentication can be tricked into accepting malicious PKCS#12 files.

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / software.sslmate.com/src/go-pkcs12

Introduced in: 0.6.0 Fixed in: 0.7.2

Fix go get software.sslmate.com/src/go-pkcs12@v0.7.2

References

https://github.com/SSLMate/go-pkcs12/security/advisories/GHSA-mpwr-8vm7-h73f [ADVISORY]
https://github.com/SSLMate/go-pkcs12/commit/03c441f6b0267f695ca02464133c0b373bf4dd55 [FIX]