blob: 4de94f5613948b520cfa34c15f4a32b33ad1bf21 [file] [log] [blame]
module = "github.com/crewjam/saml"
description = """
An XML message can be maliciously crafted such that signature
verification is bypassed.
"""
cve = "CVE-2020-27846"
credit = ""
symbols = [
"IdpAuthnRequest.Validate",
"ServiceProvider.ParseXMLResponse",
"ServiceProvider.ValidateLogoutResponseForm",
"ServiceProvider.ValidateLogoutResponseRedirect"
]
published = "2021-04-14T12:00:00Z"
[[versions]]
fixed = "v0.4.3"
[[additional_packages]]
module = "github.com/crewjam/saml"
package = "github.com/crewjam/saml/samlidp"
smybols = ["getSPMetadata"]
[[additional_packages.versions]]
fixed = "v0.4.3"
[[additional_packages]]
module = "github.com/crewjam/saml"
package = "github.com/crewjam/saml/samlsp"
smybols = ["ParseMetadata"]
[[additional_packages.versions]]
fixed = "v0.4.3"
[links]
commit = "https://github.com/crewjam/saml/commit/da4f1a0612c0a8dd0452cf8b3c7a6518f6b4d053"
context = ["https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9"]