reports/GO-2021-0058.toml - vulndb - Git at Google

 package = "github.com/crewjam/saml"

 description = """
 An XML message can be maliciously crafted such that signature
 verification is bypassed.
 """

 cve = "CVE-2020-27846"

 credit = ""

 symbols = [
     "IdpAuthnRequest.Validate",
     "ServiceProvider.ParseXMLResponse",
     "ServiceProvider.ValidateLogoutResponseForm",
     "ServiceProvider.ValidateLogoutResponseRedirect"
 ]

 [[versions]]
 fixed = "v0.4.3"

 [[additional_packages]]
 package = "github.com/crewjam/saml/samlidp"
 smybols = ["getSPMetadata"]
 [[additional_packages.versions]]
 fixed = "v0.4.3"

 [[additional_packages]]
 package = "github.com/crewjam/saml/samlsp"
 smybols = ["ParseMetadata"]
 [[additional_packages.versions]]
 fixed = "v0.4.3"

 [links]
 commit = "https://github.com/crewjam/saml/commit/da4f1a0612c0a8dd0452cf8b3c7a6518f6b4d053"
 context = ["https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9"]
	package = "github.com/crewjam/saml"

	description = """
	An XML message can be maliciously crafted such that signature
	verification is bypassed.
	"""

	cve = "CVE-2020-27846"

	credit = ""

	symbols = [
	"IdpAuthnRequest.Validate",
	"ServiceProvider.ParseXMLResponse",
	"ServiceProvider.ValidateLogoutResponseForm",
	"ServiceProvider.ValidateLogoutResponseRedirect"
	]

	[[versions]]
	fixed = "v0.4.3"

	[[additional_packages]]
	package = "github.com/crewjam/saml/samlidp"
	smybols = ["getSPMetadata"]
	[[additional_packages.versions]]
	fixed = "v0.4.3"

	[[additional_packages]]
	package = "github.com/crewjam/saml/samlsp"
	smybols = ["ParseMetadata"]
	[[additional_packages.versions]]
	fixed = "v0.4.3"

	[links]
	commit = "https://github.com/crewjam/saml/commit/da4f1a0612c0a8dd0452cf8b3c7a6518f6b4d053"
	context = ["https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9"]