data/reports: add vulnerable_at to GO-2020-0047.yaml
Aliases: CVE-2020-36563, GHSA-5rhg-xhgr-5hfj
Updates golang/vulndb#47
Change-Id: I71d1d555fc02f52f25ed4c9b2ab5c17c49a162af
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/462138
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
Auto-Submit: Tatiana Bradley <tatiana@golang.org>
diff --git a/data/cve/v5/GO-2020-0047.json b/data/cve/v5/GO-2020-0047.json
index c3dfbed..204b3b7 100644
--- a/data/cve/v5/GO-2020-0047.json
+++ b/data/cve/v5/GO-2020-0047.json
@@ -30,6 +30,9 @@
},
{
"name": "NewSignedResponse"
+ },
+ {
+ "name": "ServiceProviderSettings.GetAuthnRequest"
}
],
"defaultStatus": "affected"
diff --git a/data/osv/GO-2020-0047.json b/data/osv/GO-2020-0047.json
index ac3a8d5..1c52550 100644
--- a/data/osv/GO-2020-0047.json
+++ b/data/osv/GO-2020-0047.json
@@ -33,7 +33,8 @@
"symbols": [
"AuthnRequest.Validate",
"NewAuthnRequest",
- "NewSignedResponse"
+ "NewSignedResponse",
+ "ServiceProviderSettings.GetAuthnRequest"
]
}
]
diff --git a/data/reports/GO-2020-0047.yaml b/data/reports/GO-2020-0047.yaml
index ea8ecb5..3b53b5a 100644
--- a/data/reports/GO-2020-0047.yaml
+++ b/data/reports/GO-2020-0047.yaml
@@ -1,11 +1,14 @@
modules:
- module: github.com/RobotsAndPencils/go-saml
+ vulnerable_at: 0.0.0-20170520135329-fb13cb52a46b
packages:
- package: github.com/RobotsAndPencils/go-saml
symbols:
- AuthnRequest.Validate
- NewAuthnRequest
- NewSignedResponse
+ derived_symbols:
+ - ServiceProviderSettings.GetAuthnRequest
description: |
XML Digital Signatures generated and validated using this package use
SHA-1, which may allow an attacker to craft inputs which cause hash