reports/GO-2020-0047.toml - vulndb - Git at Google

 package = "github.com/RobotsAndPencils/go-saml"

 description = """
 XML Digital Signatures generated and validated using this package use
 SHA-1, as such an attacker may be able to craft input which cause
 hash collisions.
 """

 symbols = ["AuthnRequest.Validate", "NewAuthnRequest", "NewSignedResponse"]

 [links]
 context = ["https://github.com/RobotsAndPencils/go-saml/pull/38"]
	package = "github.com/RobotsAndPencils/go-saml"

	description = """
	XML Digital Signatures generated and validated using this package use
	SHA-1, as such an attacker may be able to craft input which cause
	hash collisions.
	"""

	symbols = ["AuthnRequest.Validate", "NewAuthnRequest", "NewSignedResponse"]

	[links]
	context = ["https://github.com/RobotsAndPencils/go-saml/pull/38"]