reports/GO-2020-0047.yaml - vulndb - Git at Google

 module: github.com/RobotsAndPencils/go-saml
 description: |
     XML Digital Signatures generated and validated using this package use
     SHA-1, which may allow an attacker to craft inputs which cause hash
     collisions depending on their control over the input.
 symbols:
   - AuthnRequest.Validate
   - NewAuthnRequest
   - NewSignedResponse
 links:
     context:
       - https://github.com/RobotsAndPencils/go-saml/pull/38
	module: github.com/RobotsAndPencils/go-saml
	description: \|
	XML Digital Signatures generated and validated using this package use
	SHA-1, which may allow an attacker to craft inputs which cause hash
	collisions depending on their control over the input.
	symbols:
	- AuthnRequest.Validate
	- NewAuthnRequest
	- NewSignedResponse
	links:
	context:
	- https://github.com/RobotsAndPencils/go-saml/pull/38