blob: d49ebb9ec013819eb44bd1ada4a5d7d00d8e61d4 [file] [log] [blame]
module = "github.com/russellhaering/goxmldsig"
description = """
An attacker can craft a malformed XML Digital Signature which when
validated causes a panic due to nil pointer deference.
"""
cve = "CVE-2020-7711"
credit = "@stevenjohnstone"
symbols = ["ValidationContext.validateSignature"]
[[versions]]
fixed = "v1.1.0"
[[additional_packages]]
module = "github.com/russellhaering/gosaml2"
symbols = ["SAMLServiceProvider.validateAssertionSignatures"]
[[additional_packages.versions]]
fixed = "v0.6.0"
[links]
context = ["https://github.com/russellhaering/goxmldsig/issues/48", "https://github.com/russellhaering/gosaml2/issues/59"]