blob: 896cbc2c7480139f9530d0b0d997bdc345c9ebeb [file] [log] [blame]
module: github.com/dexidp/dex
package: github.com/dexidp/dex/connector/saml
versions:
- fixed: v0.0.0-20201214082111-324b1c886b40
description: |
Due to the behavior of encoding/xml, a crafted XML document may cause
XML Digital Signature validation to be entirely bypassed, causing an
unsigned document to appear signed.
published: 2021-04-14T12:00:00Z
cve: CVE-2020-15216
credit: Juho Nurminen (Mattermost)
symbols:
- provider.HandlePOST
links:
commit: https://github.com/dexidp/dex/commit/324b1c886b407594196113a3dbddebe38eecd4e8
context:
- https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5