| module: github.com/russellhaering/goxmldsig |
| additional_packages: |
| - module: github.com/russellhaering/gosaml2 |
| symbols: |
| - SAMLServiceProvider.validateAssertionSignatures |
| versions: |
| - fixed: v0.6.0 |
| versions: |
| - fixed: v1.1.0 |
| description: | |
| Due to a nil pointer dereference, a malformed XML Digital Signature |
| can cause a panic during validation. If user supplied signatures are |
| being validated, this may be used as a denial of service vector. |
| published: 2021-04-14T12:00:00Z |
| cve: CVE-2020-7711 |
| credit: "@stevenjohnstone" |
| symbols: |
| - ValidationContext.validateSignature |
| links: |
| context: |
| - https://github.com/russellhaering/goxmldsig/issues/48 |
| - https://github.com/russellhaering/gosaml2/issues/59 |