blob: 64e017f7c9efc0a09e9f14d65910c27670365912 [file] [log] [blame]
module: github.com/russellhaering/goxmldsig
additional_packages:
- module: github.com/russellhaering/gosaml2
symbols:
- SAMLServiceProvider.validateAssertionSignatures
versions:
- fixed: v0.6.0
versions:
- fixed: v1.1.0
description: |
Due to a nil pointer dereference, a malformed XML Digital Signature
can cause a panic during validation. If user supplied signatures are
being validated, this may be used as a denial of service vector.
published: 2021-04-14T12:00:00Z
cve: CVE-2020-7711
credit: "@stevenjohnstone"
symbols:
- ValidationContext.validateSignature
links:
context:
- https://github.com/russellhaering/goxmldsig/issues/48
- https://github.com/russellhaering/gosaml2/issues/59