Google Git
Sign in
go / vulndb / 666bba718687a5b168c1aa45bddb1844f63597c9^! / .
commit666bba718687a5b168c1aa45bddb1844f63597c9[log] [tgz]
authorTatiana Bradley <tatianabradley@google.com>Fri Jan 13 17:34:55 2023 -0500
committerGopher Robot <gobot@golang.org>Sat Jan 14 00:31:03 2023 +0000
treecbf999e56f5723ea4650bc6faeac64b705379a8b
parent87d96701df13a9204b62952632472b0752531fe2 [diff]
data/reports: add vulnerable_at to GO-2020-0047.yaml

Aliases: CVE-2020-36563, GHSA-5rhg-xhgr-5hfj

Updates golang/vulndb#47

Change-Id: I71d1d555fc02f52f25ed4c9b2ab5c17c49a162af
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/462138
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
Auto-Submit: Tatiana Bradley <tatiana@golang.org>

diff --git a/data/cve/v5/GO-2020-0047.json b/data/cve/v5/GO-2020-0047.json
index c3dfbed..204b3b7 100644
--- a/data/cve/v5/GO-2020-0047.json
+++ b/data/cve/v5/GO-2020-0047.json

@@ -30,6 +30,9 @@
             },
             {
               "name": "NewSignedResponse"
+            },
+            {
+              "name": "ServiceProviderSettings.GetAuthnRequest"
             }
           ],
           "defaultStatus": "affected"

diff --git a/data/osv/GO-2020-0047.json b/data/osv/GO-2020-0047.json
index ac3a8d5..1c52550 100644
--- a/data/osv/GO-2020-0047.json
+++ b/data/osv/GO-2020-0047.json

@@ -33,7 +33,8 @@
             "symbols": [
               "AuthnRequest.Validate",
               "NewAuthnRequest",
-              "NewSignedResponse"
+              "NewSignedResponse",
+              "ServiceProviderSettings.GetAuthnRequest"
             ]
           }
         ]

diff --git a/data/reports/GO-2020-0047.yaml b/data/reports/GO-2020-0047.yaml
index ea8ecb5..3b53b5a 100644
--- a/data/reports/GO-2020-0047.yaml
+++ b/data/reports/GO-2020-0047.yaml

@@ -1,11 +1,14 @@
 modules:
   - module: github.com/RobotsAndPencils/go-saml
+    vulnerable_at: 0.0.0-20170520135329-fb13cb52a46b
     packages:
       - package: github.com/RobotsAndPencils/go-saml
         symbols:
           - AuthnRequest.Validate
           - NewAuthnRequest
           - NewSignedResponse
+        derived_symbols:
+          - ServiceProviderSettings.GetAuthnRequest
 description: |
     XML Digital Signatures generated and validated using this package use
     SHA-1, which may allow an attacker to craft inputs which cause hash