reports/GO-2020-0047.yaml - vulndb - Git at Google

 packages:
   - module: github.com/RobotsAndPencils/go-saml
     symbols:
       - AuthnRequest.Validate
       - NewAuthnRequest
       - NewSignedResponse
 description: |
     XML Digital Signatures generated and validated using this package use
     SHA-1, which may allow an attacker to craft inputs which cause hash
     collisions depending on their control over the input.
 published: 2021-04-14T20:04:52Z
 cve_metadata:
     id: CVE-2020-36563
     cwe: "CWE 328: Use of Weak Hash"
 links:
     context:
       - https://github.com/RobotsAndPencils/go-saml/pull/38
	packages:
	- module: github.com/RobotsAndPencils/go-saml
	symbols:
	- AuthnRequest.Validate
	- NewAuthnRequest
	- NewSignedResponse
	description: \|
	XML Digital Signatures generated and validated using this package use
	SHA-1, which may allow an attacker to craft inputs which cause hash
	collisions depending on their control over the input.
	published: 2021-04-14T20:04:52Z
	cve_metadata:
	id: CVE-2020-36563
	cwe: "CWE 328: Use of Weak Hash"
	links:
	context:
	- https://github.com/RobotsAndPencils/go-saml/pull/38