| module: github.com/russellhaering/goxmldsig |
| additional_packages: |
| - module: github.com/russellhaering/gosaml2 |
| symbols: |
| - SAMLServiceProvider.validateAssertionSignatures |
| versions: |
| - fixed: v0.6.0 |
| versions: |
| - fixed: v1.1.0 |
| description: | |
| An attacker can craft a malformed XML Digital Signature which when |
| validated causes a panic due to nil pointer deference. |
| published: 2021-04-14T12:00:00Z |
| cve: CVE-2020-7711 |
| credit: '@stevenjohnstone' |
| symbols: |
| - ValidationContext.validateSignature |
| links: |
| context: |
| - https://github.com/russellhaering/goxmldsig/issues/48 |
| - https://github.com/russellhaering/gosaml2/issues/59 |