reports/GO-2020-0046.yaml - vulndb - Git at Google

 module: github.com/russellhaering/goxmldsig
 additional_packages:
 - module: github.com/russellhaering/gosaml2
   symbols:
   - SAMLServiceProvider.validateAssertionSignatures
   versions:
   - fixed: v0.6.0
 versions:
 - fixed: v1.1.0
 description: |
   An attacker can craft a malformed XML Digital Signature which when
   validated causes a panic due to nil pointer deference.
 published: 2021-04-14T12:00:00Z
 cve: CVE-2020-7711
 credit: '@stevenjohnstone'
 symbols:
 - ValidationContext.validateSignature
 links:
   context:
   - https://github.com/russellhaering/goxmldsig/issues/48
   - https://github.com/russellhaering/gosaml2/issues/59
	module: github.com/russellhaering/goxmldsig
	additional_packages:
	- module: github.com/russellhaering/gosaml2
	symbols:
	- SAMLServiceProvider.validateAssertionSignatures
	versions:
	- fixed: v0.6.0
	versions:
	- fixed: v1.1.0
	description: \|
	An attacker can craft a malformed XML Digital Signature which when
	validated causes a panic due to nil pointer deference.
	published: 2021-04-14T12:00:00Z
	cve: CVE-2020-7711
	credit: '@stevenjohnstone'
	symbols:
	- ValidationContext.validateSignature
	links:
	context:
	- https://github.com/russellhaering/goxmldsig/issues/48
	- https://github.com/russellhaering/gosaml2/issues/59