reports/GO-2021-0058.yaml - vulndb - Git at Google

 module: github.com/crewjam/saml
 additional_packages:
 - module: github.com/crewjam/saml
   package: github.com/crewjam/saml/samlidp
   versions:
   - fixed: v0.4.3
 - module: github.com/crewjam/saml
   package: github.com/crewjam/saml/samlsp
   versions:
   - fixed: v0.4.3
 versions:
 - fixed: v0.4.3
 description: |
   An XML message can be maliciously crafted such that signature
   verification is bypassed.
 published: 2021-04-14T12:00:00Z
 cve: CVE-2020-27846
 symbols:
 - IdpAuthnRequest.Validate
 - ServiceProvider.ParseXMLResponse
 - ServiceProvider.ValidateLogoutResponseForm
 - ServiceProvider.ValidateLogoutResponseRedirect
 links:
   commit: https://github.com/crewjam/saml/commit/da4f1a0612c0a8dd0452cf8b3c7a6518f6b4d053
   context:
   - https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9
	module: github.com/crewjam/saml
	additional_packages:
	- module: github.com/crewjam/saml
	package: github.com/crewjam/saml/samlidp
	versions:
	- fixed: v0.4.3
	- module: github.com/crewjam/saml
	package: github.com/crewjam/saml/samlsp
	versions:
	- fixed: v0.4.3
	versions:
	- fixed: v0.4.3
	description: \|
	An XML message can be maliciously crafted such that signature
	verification is bypassed.
	published: 2021-04-14T12:00:00Z
	cve: CVE-2020-27846
	symbols:
	- IdpAuthnRequest.Validate
	- ServiceProvider.ParseXMLResponse
	- ServiceProvider.ValidateLogoutResponseForm
	- ServiceProvider.ValidateLogoutResponseRedirect
	links:
	commit: https://github.com/crewjam/saml/commit/da4f1a0612c0a8dd0452cf8b3c7a6518f6b4d053
	context:
	- https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9